On 01/10/2014 06:02 PM, ZeroUno wrote:
On 09/01/14 13:40, Laine Stump wrote:
> you asked for "best", not "ideal" :-) Aside from eliminating all use of
;)
> solve by itself. But that same paragraph also tells you how to have the
> iptables service signal libvirt to reload its iptables rules.
Sorry, what do you mean? I'm not able to find such an indication in
that page...
Hmm, I guess you're right - the final paragraph of
http://libvirt.org/firewall.html doesn't tell you *how* to do that, it
just tells you that you need to. Depending on your Linux distro and
version, you could do this with a local modification to the script that
starts/stops the iptables service - e.g.
/usr/libexec/iptables/iptables.init when systemd is in use, or
/etc/init.d/iptables for initscripts. Of course this is also a hack,
as it's liable to be overwritten when the iptables package is updated :-(