On Sat, May 06, 2017 at 08:09:49PM -0400, Dan wrote:
On Fri, May 5, 2017 at 4:29 PM, Nicolas Bock
<nicolasbock(a)gmail.com> wrote:
> Hi,
>
> I am running a webserver on the libvirt host and would like to add a
> nwfilter such that a VM can access that server. The corresponding iptables
> rule would look like this:
>
> iptables --append INPUT --in-interface virbr0 --destination 192.168.122.1
> --protocol tcp --dport 80 --jump ACCEPT
>
> where the network is using virbr0 and sits at 192.168.122.1. I don't want
> to hardcode the host IP address in the nwfilter so that I can use that
> filter for other networks. Is it possible to reference the host's IP
> address in the filter?

There is a pre-defined parameter for the VM's own IP address:

  http://libvirt.org/formatnwfilter.html#nwfelemsRulesAdvIPAddrDetection

but we don't have anything for the host's IP address. We could fairly
easily add it though I reckon - e.g. provide a HOST_IP parameter.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
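
An added example, not part of the original thread and not libvirt's own code: without a pre-defined host-address parameter, a filter can still avoid a hardcoded address by referencing a user-defined variable whose value is supplied per interface through `<parameter>` in the guest's `<filterref>`. The filter name `allow-host-http`, the use of `HOST_IP` as a user-supplied variable, and the `default` network name are assumptions; the address and port are the ones from the question.

```xml
<!-- Filter definition, kept free of any concrete address.
     Load it with: virsh nwfilter-define allow-host-http.xml
     "allow-host-http" is a hypothetical name chosen for this example. -->
<filter name='allow-host-http'>
  <!-- direction is from the guest's point of view:
       'out' matches traffic the guest sends. -->
  <rule action='accept' direction='out' priority='500'>
    <!-- $HOST_IP is NOT pre-defined by libvirt here; it must be
         supplied by every interface that references this filter. -->
    <tcp dstipaddr='$HOST_IP' dstportstart='80'/>
  </rule>
</filter>

<!-- Guest interface in the domain XML. The value is set per network,
     so the same filter is reused for a bridge with another address.
     The network name 'default' is assumed for virbr0. -->
<interface type='network'>
  <source network='default'/>
  <filterref filter='allow-host-http'>
    <parameter name='HOST_IP' value='192.168.122.1'/>
  </filterref>
</interface>
```

The two elements belong in separate places: the `<filter>` is its own document for `virsh nwfilter-define`, and the `<interface>` goes inside the domain's `<devices>` section.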