
On 01/10/2014 06:02 PM, ZeroUno wrote:
> On 09/01/14 13:40, Laine Stump wrote:
>> you asked for "best", not "ideal" :-) Aside from eliminating all use of
> ;)
>> solve by itself. But that same paragraph also tells you how to have the iptables service signal libvirt to reload its iptables rules.
> Sorry, what do you mean? I'm not able to find such an indication in that page...
Hmm, I guess you're right - the final paragraph of http://libvirt.org/firewall.html doesn't tell you *how* to do that, it just tells you that you need to. Depending on your Linux distro and version, you could do this with a local modification to the script that starts/stops the iptables service - e.g. /usr/libexec/iptables/iptables.init when systemd is in use, or /etc/init.d/iptables for initscripts. Of course this is also a hack, as it's liable to be overwritten when the iptables package is updated :-(