[libvirt-users] Possible to edit/apply nwfilter at runtime?

Andre Goree andre at drenet.net
Fri Mar 30 20:29:21 UTC 2018


On 2018/02/16 12:12 pm, Daniel P. Berrangé wrote:
> On Fri, Feb 16, 2018 at 11:59:42AM -0500, Andre Goree wrote:
>> I'm trying to determine if it's possible to edit/attach/apply nwfilter 
>> rules
>> at runtime?  I.e., after a VM is already running, can I apply a 
>> nwfilter to
>> the VM and have it work without rebooting the machine?  Thus far, I've 
>> not
>> come across a way to do so, but I thought I'd ask here before I chase 
>> my
>> tail around Google.
> 
> Simply re-define the nwfilter in question using  virsh nwfilter-define.
> Any VMs using that filter will automatically update.
> 
> 
> Regards,
> Daniel
> --
> |: https://berrange.com      -o-    
> https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org         -o-            
> https://fstop138.berrange.com :|
> |: https://entangle-photo.org    -o-    
> https://www.instagram.com/dberrange :|


I've run into an issue here that I thought you might have some insight 
on.

I can't seem to "re-define" a nwfilter.  I must first 'virsh 
nwfilter-undefine' then 'virsh nwfilter-define', or else use 'virsh 
nwfilter-edit'.  The problem being, I cannot use nwfilter-edit from a 
script :/

My real problem is that if I want to add to and/or adjust a filter for a 
VM, I basically have to call 'virsh update-device ...' which 
unfortunately leaves the VM wide-open for a short period of time, which 
is very undesirable.

I wonder if there's a way to edit the nwfilter _without_ libvirt having 
to drop the filter for the VM before applying any changes.

-- 
Andre Goree
-=-=-=-=-=-
Email     - andre at drenet.net
Website   - http://blog.drenet.net
PGP key   - http://www.drenet.net/pubkey.html
-=-=-=-=-=-




More information about the libvirt-users mailing list