On 04/20/2016 12:27 PM, Andrea Bolognani wrote:
On Fri, 2016-04-15 at 18:01 -0400, Cole Robinson wrote:
The proper nwfilter docs go into full detail, but we should still have a brief bit about domain XML in the domain documentation --- docs/formatdomain.html.in | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+)
This is neat, thanks for working on it.
A few minor comments below.
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 9bcef6a..f6ce22d 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -4908,6 +4908,47 @@ qemu-kvm -net nic,model=? /dev/null <code><model></code> element is mandatory. </p>
+ <h5><a name="elementNwfilter">Traffic filtering with NWFilter</a></h5> + + <p> + <span class="since">Since 0.8.0</span> an <code>nwfilter</code> profile + can be assigned to an interface device, which allows configuring
[...] can be assigned to a domain interface, [...]
Perhaps? Not really sure, go with whatever you like better.
I used your wording, thanks
+ traffic filter rules for the virtual machine. + + See the <a href="formatnwfilter.html">nwfilter</a> documentation for more + complete details. + </p>
This is the first link to the complete documentation. There are two more later on. Maybe that's overdoing it a little ;)
Keep just this one and get rid of the other two. Or replace the last one with this one, whatever you like better.
I got rid of the second one, but kept the third, since it links to an explicit section in the nwfilter docs about parameters
+<pre> + ... + <devices> + <interface ...> + ... + <filterref filter='clean-traffic'/> + </interface> + <interface ...> + ... + <filterref filter='myfilter'> + <parameter name='IP' value='104.207.129.11'/> + <parameter name='IP6_ADDR' value='2001:19f0:300:2102::'/> + <parameter name='IP6_MASK' value='64'/> + ... + </filterref> + </interface> + </devices> + ...</pre> + + <p> + The <code><filterref></code> <code>filter</code> attribute
The filter attribute of the <filterref/> element [...]
Actually I just dropped the filterref bit since it seemed redundant Pushed now, thanks! - Cole