Killing all of the shell script code?
You mean nwfilter of libvirt does not exist any more?
Yes. nwfilter code is horrible.
Maybe we can think of a better way. After all, ip|eb tables is complicated, and must be done, user or libvirt.
Thanks
At 2014-03-27 18:57:23,"Daniel P. Berrange" <berrange@redhat.com> wrote:
>On Thu, Mar 27, 2014 at 09:20:23AM +0800, bigclouds wrote:
>> hi, all
>>
>> is there a way to convert vm's filter into command line, I think it is useful.
>> if there is the functionality, so you think it is worthy to be done.
>
>Currently the nwfilter driver generates horrible hacky shell scripts which
>run a variety of (eb|ip)tables commands. I'm killing all of the shell
>script code so that we can directly invoke iptables or talk to firewalld
>over DBus. The commands we will generate though won't be suitable for a
>user to run directly, because libvirt will parse the output of some
>commands in order to determine what subsequent commands to run. This
>kind of logic isn't something you can just "export" from libvirt, so
>what you suggest isn't really practical.
>
>Regards,
>Daniel
>--
>|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
>|: http://libvirt.org -o- http://virt-manager.org :|
>|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
>|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|