[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt-users] Possible to edit/apply nwfilter at runtime?

On 2018/02/16 12:12 pm, Daniel P. Berrangé wrote:
On Fri, Feb 16, 2018 at 11:59:42AM -0500, Andre Goree wrote:
I'm trying to determine if it's possible to edit/attach/apply nwfilter rules at runtime? I.e., after a VM is already running, can I apply a nwfilter to the VM and have it work without rebooting the machine? Thus far, I've not come across a way to do so, but I thought I'd ask here before I chase my
tail around Google.

Simply re-define the nwfilter in question using  virsh nwfilter-define.
Any VMs using that filter will automatically update.

|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

I've run into an issue here that I thought you might have some insight on.

I can't seem to "re-define" a nwfilter. I must first 'virsh nwfilter-undefine' then 'virsh nwfilter-define', or else use 'virsh nwfilter-edit'. The problem being, I cannot use nwfilter-edit from a script :/

My real problem is that if I want to add to and/or adjust a filter for a VM, I basically have to call 'virsh update-device ...' which unfortunately leaves the VM wide-open for a short period of time, which is very undesirable.

I wonder if there's a way to edit the nwfilter _without_ libvirt having to drop the filter for the VM before applying any changes.

Andre Goree
Email     - andre at drenet.net
Website   - http://blog.drenet.net
PGP key   - http://www.drenet.net/pubkey.html

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]