Re: [libvirt-users] Why does libvirt use XML firewall rules?

Hi there, When creating a VM with a persistent virtual network, libvirt creates an XML file with firewall definitions and stores it in /etc/libvirt/<hypervisor>/networks/. The XML file is (to my knowledge) incompatible with iptables-restore. Therefore you can’t manage your firewall with other iptables (GUI) tools unless libvirt lets you a) import extra rules, b) has an option to export the XML rules into iptables-save format or c) something else. If a) , b) or c) is possible then this discussion is of course useless and I would be pleased to know how it’s done :) If not, then let’s get the discussion started. IMHO, saving rules into XML instead of using iptables-save is absurd since you’ll have to code stuff which is already coded. Also you’ll make it incompatible with the tools which are readily available. Why go for this approach and what do we get from it? Best regards, -Hansa