
Re: [libvirt] Inbound NAT and iptables rules



On 02/08/2010 12:17 PM, Karl Vogel wrote:
This issue has been brought up a few times, but I haven't found any real
solution yet. The problem is with the way libvirt adds iptables rules.

Would a patch to add hooks to call an external script/binary be an acceptable solution?

i.e., add a <script> tag to the network.xml definition where one can specify a script/binary to run during pre/post network up/down.

  <network>
        <name>default</name>
        <bridge name="virbr0" />
        <forward mode="nat"/>
        <ip address="192.168.122.1" netmask="255.255.255.0">
          <dhcp>
            <range start="192.168.122.2" end="192.168.122.254" />
          </dhcp>
        </ip>
        <script>
          <up pre="xxxx" post="xxx" />
          <down pre="xxxx" post="xxx" />
        </script>
  </network>

That way more advanced iptables setups are possible.

I could cook something up, unless there is an argument against doing this?!

