Hey,
When the iptables support was first added to libvirtd,
we proposed a change to iptables to allow us to register our
rules so that the rules would be automatically reloaded e.g. if
"service iptables restart" was run or if the user modified
their firewall configuration with system-config-firewall. See:
https://bugzilla.redhat.com/227011
That proposal wasn't accepted and so users must
currently force libvirt to reload its iptables configuration
using SIGHUP in those circumstances.
However, since Fedora 8, lokkit has grown a --custom-rules
option which we can use to achieve the same effect. The following
series of patches does just that.
Most of the patches are pretty trivial; the only really
significant one is 7/9.
(Oh, 7/9 requires Dan's virFileReadAll() patch)
Thanks,
Mark.
--