Thanks, I already tried inserting a delay with "sleep" but it didn't change anything, as the hook script is not processed in parallel with other operations: libvirt waits until the hook script has been completed, before proceeding with the creation of its own iptables rules.

plz take a closer look at my script, and have a real try with it.