
Killing all of the shell script code? You mean nwfilter of libvirt does not exist any more?
Yes. nwfilter code is horrible. Maybe we can think of a better way. After all, ip|eb tables is complicated, and must be done, user or libvirt.
Thanks

At 2014-03-27 18:57:23, "Daniel P. Berrange" <berrange@redhat.com> wrote:
On Thu, Mar 27, 2014 at 09:20:23AM +0800, bigclouds wrote:
Hi all,
Is there a way to convert a VM's filter into a command line? I think it is useful. If there is the functionality, so you think it is worthy to be done.
Currently the nwfilter driver generates horrible hacky shell scripts which run a variety of (eb|ip)tables commands. I'm killing all of the shell script code so that we can directly invoke iptables or talk to firewalld over DBus. The commands we will generate though won't be suitable for a user to run directly, because libvirt will parse the output of some commands in order to determine what subsequent commands to run. This kind of logic isn't something you can just "export" from libvirt, so what you suggest isn't really practical.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|