libvirt users - Jan 2014 - Re: Best practice for custom iptables rules

Il 09/01/14 13:40, Laine Stump ha scritto:
> you asked for "best", not "ideal" :-) Aside from
eliminating all use of
;)
> solve by itself. But that same paragraph also tells you how to have the
> iptables service signal libvirt to reload its iptables rules.
Sorry, what do you mean? I'm not able to find such an indication in that 
page...

-- 
01

On 01/10/2014 06:02 PM, ZeroUno wrote:
> Il 09/01/14 13:40, Laine Stump ha scritto:
>
>> you asked for "best", not "ideal" :-) Aside from
eliminating all use of
>
> ;)
>
>> solve by itself. But that same paragraph also tells you how to have the
>> iptables service signal libvirt to reload its iptables rules.
>
> Sorry, what do you mean? I'm not able to find such an indication in
> that page...
Hmm, I guess you're right - the final paragraph of
http://libvirt.org/firewall.html doesn't tell you *how* to do that, it
just tells you that you need to. Depending on your Linux distro and
version, you could do this with a local modification to the script that
starts/stops the iptables service - e.g.
/usr/libexec/iptables/iptables.init when systemd is in use, or
/etc/init.d/iptables for for initscripts. Of course this is also a hack,
as it's liable to be overwritten when the iptables package is updated :-(

Hi libvirt:

Id like some feedback : I've written up how I create and add new disks to my
running VMs (for development and testing so not worried about high performance
io or anything like that..):

http://jayunit100.blogspot.com/2014/01/adding-new-virtual-disks-to-running.html

I don't like this solution though because it directly references qemu. Is
there a more "virt"
Style abstraction I can use to create new virtual disk images for adding storage
on the fly to my VMs?

Also general comments would be welcome... I'm new to dev oriented
virtualization with virt and want to use it with he right idioms if possible.