
On 01/09/2014 02:07 PM, ZeroUno wrote:
On 09/01/14 11:38, ZeroUno wrote:
On 08/01/14 16:17, Laine Stump wrote:
http://wiki.libvirt.org/page/Networking#Forwarding_Incoming_Connections
interesting!), AFAICT this might help with adding rules to the NAT table, which was the first part of my question, but does not help with
...also, it appears that the hook script /etc/libvirt/hooks/daemon to be called when the libvirt daemon is started is actually called _before_ libvirt adds its own iptables rules, because I am not able to insert my custom rule at the top of the chain.
Maybe I might use the qemu script which is called each time a guest is started/stopped, by inserting some checks to prevent duplicates, but it becomes even more "hackish"... :)
Interesting point, and one which reinforces the idea that a network event hook script might be a nice thing to have (although adding in a callout to an externally-created shell script always has security implications, especially for a process running as root).
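
The duplicate check discussed in this thread for the qemu hook could look like the sketch below. It is an added example, not code from either poster or from libvirt; the guest name, chain and rule are constructed placeholders, and the `IPT` override is an assumption so the logic can be exercised without root.

```shell
#!/bin/sh
# Sketch for /etc/libvirt/hooks/qemu (called as: guest-name operation sub-operation extra).
# Runs as root, so every command argument is a constant defined here; the guest
# name from libvirt is only compared, never interpolated into a command.
IPT="${IPT:-iptables}"     # assumption: overridable for testing
GUEST="guest1"             # constructed placeholder
RULE="-d 192.0.2.10 -p tcp --dport 8080 -j ACCEPT"   # constructed placeholder

# ensure_rule_first CHAIN RULE-SPEC...
# Insert at position 1 only if an identical rule is not already in the chain.
ensure_rule_first() {
    chain="$1"; shift
    if "$IPT" -C "$chain" "$@" 2>/dev/null; then
        return 0           # already present, nothing to add
    fi
    "$IPT" -I "$chain" 1 "$@"
}

# remove_rule CHAIN RULE-SPEC...
# Delete every copy, so stale duplicates from earlier runs are cleaned up too.
remove_rule() {
    chain="$1"; shift
    while "$IPT" -C "$chain" "$@" 2>/dev/null; do
        "$IPT" -D "$chain" "$@" || return 1
    done
}

hook_main() {
    guest="$1"; op="$2"
    [ "$guest" = "$GUEST" ] || return 0    # ignore all other guests
    case "$op" in
        # $RULE is deliberately unquoted: it is a constant split into arguments
        started) ensure_rule_first FORWARD $RULE ;;
        stopped) remove_rule FORWARD $RULE ;;
    esac
}

hook_main "$@"
```

The script should be owned by root and not writable by anyone else, since libvirtd executes it with its own privileges.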