
Hey, Just for reference ... On Wed, 2007-03-21 at 03:18 +0000, Daniel P. Berrange wrote:
> With the virtual networking capability we have to add various rules to the iptables chains to ensure that outgoing connections are forwarded + NATed to the physical LAN. Now if the user does 'service iptables restart' these rules are lost until you restart the VM. This obviously sucks.
> We've been exploring the possibility of adapting the Fedora / RHEL iptables scripts to allow user-defined chains which are automatically restored from a 'safe' config file during a restart. This is not present in FC6 / RHEL5 or even F6 yet, nor does it help non-Fedora users.
> Here's the bug on this: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227011
> We already have ability to add / remove rules from iptables, so I was wondering how hard it would be to list existing rules. From whence we can look at existing rules to see if our virtual network forwarding/NAT rules were missing. The idea being that a simple 'killall -SIGHUP libvirt_qemud' could trigger libvirt to check & re-add the iptables rules if missing.
I sent on a patch in another mail to do this. Cheers, Mark.
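The check Dan describes, as an added example that is not part of this thread or of libvirt's code: it parses a constructed `iptables-save` dump, reports which rules of a hypothetical virtual-network rule set are missing after a restart, and produces the commands that would re-add them. The rule strings, the virbr0 interface and the 192.168.122.0/24 subnet are assumptions.

```python
# Constructed sample of `iptables-save` output taken after a 'service iptables
# restart' that dropped the virtual network's NAT rule but kept its FORWARD rules.
SAMPLE_DUMP = """\
*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 192.168.122.0/255.255.255.0 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/255.255.255.0 -i virbr0 -j ACCEPT
COMMIT
"""

# Hypothetical rule set for one virtual network (virbr0, 192.168.122.0/24):
# (table, rule) pairs written in the same form that iptables-save prints them.
EXPECTED_RULES = [
    ("filter", "-A FORWARD -d 192.168.122.0/255.255.255.0 -o virbr0 "
               "-m state --state RELATED,ESTABLISHED -j ACCEPT"),
    ("filter", "-A FORWARD -s 192.168.122.0/255.255.255.0 -i virbr0 -j ACCEPT"),
    ("nat", "-A POSTROUTING -s 192.168.122.0/255.255.255.0 -j MASQUERADE"),
]

def normalize(rule):
    """Collapse whitespace so the textual comparison is not layout-sensitive."""
    return " ".join(rule.split())

def parse_dump(dump):
    """Map each table in an iptables-save dump to the set of '-A ...' rules it holds."""
    tables, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):            # table header, e.g. '*nat'
            current = line[1:]
            tables.setdefault(current, set())
        elif line.startswith("-A") and current is not None:
            tables[current].add(normalize(line))
        # ':CHAIN POLICY [pkts:bytes]', 'COMMIT' and '#' comments carry no rules
    return tables

def missing_rules(dump, expected):
    """Return the expected (table, rule) pairs that are absent from the dump."""
    present = parse_dump(dump)
    return [(t, normalize(r)) for t, r in expected
            if normalize(r) not in present.get(t, set())]

def restore_commands(missing):
    """Turn each missing (table, '-A CHAIN ...') rule into the iptables command that re-adds it."""
    return ["iptables -t %s %s" % (table, rule) for table, rule in missing]
```

Matching is purely textual, so the expected rules have to be written exactly the way iptables-save on that host prints them (note the dotted netmask in the sample); a rule typed with a different spelling of the same match would be reported missing and re-added as a duplicate.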