Re: [libvirt] iptables rules for a vm

On Tue, 2008-12-09 at 17:30 -0500, Karl Wirth wrote:

I have kicked around an idea before with some of you about
iptables...basically being able to have iptables rules that are
associated with the metadata around a particular vm, then apply those to
the host iptables when the vm is spun up or migrated to that host.
Especially the interesting issues around taking the nf/ip_conntrack data
and making sure that state information is correctly migrated.

I emailed with James; he thinks the pieces are there but integration work
is needed (as well as the central management).  Would someone be willing
to help me understand what major pieces of work would be needed to make
this possible?


