
Re: [Libvir] Persistence / re-instate of iptables rules



Hey,
	Just for reference ...

On Wed, 2007-03-21 at 03:18 +0000, Daniel P. Berrange wrote:
> With the virtual networking capability we have to add various rules to the
> iptables chains to ensure that outgoing connections are forwarded + NATed
> to the physical LAN. Now if the user does 'service iptables restart' these
> rules are lost until you restart the VM. This obviously sucks.
> 
> We've been exploring the possibility of adapting the Fedora / RHEL iptables
> scripts to allow user-defined chains which are automatically restored from
> a 'safe' config file during a restart. This is not present in FC6 / RHEL5
> or even F6 yet, nor does it help non-Fedora users.

	Here's the bug on this:

  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227011

> We already have ability to add / remove rules from iptables, so I was 
> wondering how hard it would be to list existing rules. From whence we can
> look at existing rules to see if our virtual network forwarding/NAT rules
> were missing. The idea being that a simple 'killall -SIGHUP libvirt_qemud'
> could trigger libvirt to check & re-add the iptables rules if missing. 

	I sent on a patch in another mail to do this.

Cheers,
Mark.
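
The check-and-re-add idea quoted above, sketched as an added example. It is not the patch mentioned in this mail and not libvirt code; the bridge name, subnet, rule set, and function names are constructed for illustration. It parses `iptables-save` style text, reports which expected forwarding/NAT rules are gone, and builds the commands that would restore them.

```python
import shlex

# Constructed sample: rules a virtual network might need (illustrative values).
EXPECTED = [
    ("nat", "POSTROUTING", "-s 192.168.122.0/24 -j MASQUERADE"),
    ("filter", "FORWARD", "-s 192.168.122.0/24 -i virbr0 -j ACCEPT"),
    ("filter", "FORWARD",
     "-d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT"),
]

# Constructed iptables-save output after a restart that dropped two of the rules.
AFTER_RESTART = """\
*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_save(text):
    """Return the set of (table, chain, args-tuple) found in iptables-save text."""
    rules, table = set(), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*nat", "*filter": start of a table
            table = line[1:]
        elif line == "COMMIT":            # end of the current table
            table = None
        elif line.startswith("-A ") and table:
            tokens = shlex.split(line)    # ["-A", chain, arg, arg, ...]
            rules.add((table, tokens[1], tuple(tokens[2:])))
    return rules

def missing_rules(save_text, expected):
    """Expected rules that are absent, compared token by token."""
    present = parse_save(save_text)
    return [r for r in expected
            if (r[0], r[1], tuple(shlex.split(r[2]))) not in present]

def reinstate_commands(missing):
    """argv lists that re-add the rules; -I places them ahead of a trailing REJECT."""
    return [["iptables", "-t", t, "-I", c, *shlex.split(a)] for t, c, a in missing]
```

The comparison is exact, so the expected rules have to be written in the same option order and address form that `iptables-save` prints on the target system.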

