On 08/13/2013 07:23 AM, Laine Stump wrote:
There hasn't been any substantial change in the iptables rules added by libvirt for virtual networks in a long time;
I guess this is due to the fact that, in the enterprise (oVirt/RHEV), bridge networking is mainly used over "virtual-networks".
Sure, that's simple if you're going to start/stop all virtual networks together as a group. It's more complicated if you want each network to operate independently of the other (i.e. to be able to start/stop each network without affecting the others). Possibly the way to do that would be to create separate chains for the allow and block.
You're right: that's the correct way to handle this (using chains).
You're welcome to write a patch for it :-)
Yeah I know it's easy to pinpoint a problem... I would have provided a patch if I were a coder, believe me :) I guess I can open an enhancement-request (perhaps for F21) with pseudo-code on how to handle the different events (something that would be easy for someone familiar with the code to implement).
With the upcoming snapshot functionality in virt-manager I hope many end-users start using it more and subsequently the virtual-networks.
Thanks!
--
Jorge