On 03/27/2014 04:43 AM, Eric Blake wrote:
On 03/26/2014 07:20 PM, bigclouds wrote:
> hi,all
>
> is there a way to convert vm's filter into comandline, i think it is useful.
You mean, as in
virsh domxml-to-native qemu-argv $(virsh dumpxml $dom)
or are you asking about the nwfilter settings applied on behalf of a guest?
Since this same person previously asked about "netfilter" on IRC, I'm
assuming the latter...
No, there isn't a way within libvirt to retrive this information. Beyond
that, Dan Berrange is in the middle of refactoring the nwfilter code to
not use the commandline at all in the case where firewalld is running,
so in the future libvirt won't even be running any external commands to
setup nwfilter rules.
One way to get the information would be to run "iptables -S" before and
after starting the guest, then look at the difference between the two
outputs.