Hey,
Just for reference ...
On Wed, 2007-03-21 at 03:18 +0000, Daniel P. Berrange wrote:
With the virtual networking capability we have to add various rules to the
iptables chains to ensure that outgoing connections are forwarded + NATed
to the physical LAN. Now if the user does 'service iptables restart' these
rules are lost until you restart the VM. This obviously sucks.
We've been exploring the possibility of adapting the Fedora / RHEL iptables
scripts to allow user-defined chains which are automatically restored from
a 'safe' config file during a restart. This is not present in FC6 / RHEL5
or even F6 yet, nor does it help non-Fedora users.
Here's the bug on this:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227011
We already have ability to add / remove rules from iptables, so I was
wondering how hard it would be to list existing rules. From whence we can
look at existing rules to see if our virtual network forwarding/NAT rules
were missing. The idea being that a simple 'killall -SIGHUP libvirt_qemud'
could trigger libvirt to check & re-add the iptables rules if missing.
I sent on a patch in another mail to do this.
Cheers,
Mark.
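
The check described in the quoted text (list the current rules, see whether the virtual network forwarding/NAT rules are missing, re-add them) can be sketched as below. This is an added example, not part of the original mail and not libvirt's code. The interface name virbr0, the 192.168.122.0/24 subnet, the rule set and all function names are assumptions, and the iptables-save text is constructed.

```python
import shlex

# Constructed sample: iptables-save output after 'service iptables restart'
# dropped most of the virtual-network rules (interface/subnet are assumptions).
SAVED_AFTER_RESTART = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i virbr0 -s 192.168.122.0/24 -j ACCEPT
COMMIT
"""

# Hypothetical rules the virtual network needs, as (table, rule) pairs.
EXPECTED = [
    ("filter", "-A FORWARD -i virbr0 -s 192.168.122.0/24 -j ACCEPT"),
    ("filter", "-A FORWARD -o virbr0 -d 192.168.122.0/24 "
               "-m state --state RELATED,ESTABLISHED -j ACCEPT"),
    ("nat", "-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE"),
]

def parse_saved(text):
    """Return {(table, tokens)} for every '-A' rule in iptables-save text."""
    rules, table = set(), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # '*nat' opens a table section
            table = line[1:]
        elif line == "COMMIT":            # closes the current table
            table = None
        elif line.startswith("-A ") and table is not None:
            rules.add((table, tuple(shlex.split(line))))
    return rules

def missing_rules(saved_text, expected):
    """Expected rules absent from the live ruleset, in their original order.
    Comparison is token-exact, so expected rules must be written the way
    iptables-save prints them (option order, CIDR form)."""
    present = parse_saved(saved_text)
    return [(t, r) for t, r in expected
            if (t, tuple(shlex.split(r))) not in present]

def readd_commands(missing):
    """argv lists that would restore the missing rules (not executed here)."""
    return [["iptables", "-t", t] + shlex.split(r) for t, r in missing]
```

A SIGHUP handler would feed fresh `iptables-save` output to `missing_rules` and run only the commands returned, so rules that survived the restart are not duplicated.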