On 02/08/2010 12:17 PM, Karl Vogel wrote:
This issue has been brought up a few times, but I haven't found any real
solution yet. The problem is with the way libvirt adds iptables rules.
Would a patch to add hooks to call an external script/binary be an
acceptable solution?
i.e. add a <script> tag to the network.xml definition where one can
specify a script/binary to run during pre/post network up/down.
<network>
  <name>default</name>
  <bridge name="virbr0" />
  <forward mode="nat"/>
  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254" />
    </dhcp>
  </ip>
  <script>
    <up pre="xxxx" post="xxx" />
    <down pre="xxxx" post="xxx" />
  </script>
</network>
That way more advanced iptables setups are possible.
I could cook something up, unless there is an argument against doing this?!