On 8/17/20 5:15 AM, Gunnar Niels wrote:
> Hello, I have a set of iptables rules that I need to insert *after* libvirt
> has set up all of its firewall rules. Is there a hook that I can tap into in
> order to run something like a custom script to make sure this happens?
> Any ideas?
> 
> -GN
> 
You should be able to use a libvirt network hook script to do this:
https://libvirt.org/hooks.html
Basically you put an executable script in /etc/libvirt/hooks/network.
Once the network is started, the hook will be called with this command line:
     /etc/libvirt/hooks/network network_name started begin -
stdin will contain the entire network XML definition in case you want 
details, or want to extract some task-specific metadata from the network 
definition (syntax for that is here: 
https://libvirt.org/formatnetwork.html#elementsMetadata).
The same script will be called before the network is started, after it's 
shut down, and whenever a guest interface is attached or detached from 
the network - the details are in the web page linked above.
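
An added example, not part of the original message and not libvirt's own code: a hook script for /etc/libvirt/hooks/network that inserts a rule once the network reports `started` and removes it on `stopped`. The network name `default`, the 192.0.2.0/24 destination and the DROP rule are constructed assumptions; the `stopped` operation name comes from the libvirt hooks documentation linked above.

```shell
#!/bin/sh
# Added example for /etc/libvirt/hooks/network. The hook must not call back
# into libvirt (e.g. virsh), because the daemon is waiting for it to exit.
IPT=${IPT:-iptables}            # overridable, so the logic can be run without root
HOOK_NET=${HOOK_NET:-default}   # assumed network name
BLOCKED_NET=192.0.2.0/24        # constructed sample destination

# Extract the bridge device from the network XML libvirt supplies on stdin.
# The value is validated before it is passed to iptables.
bridge_from_xml() {
    br=$(sed -n "s/.*<bridge[^>]* name=['\"]\([^'\"]*\)['\"].*/\1/p" | head -n 1)
    case $br in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    printf '%s\n' "$br"
}

network_hook() {
    name=${1:-}; op=${2:-}
    [ "$name" = "$HOOK_NET" ] || return 0
    case $op in
        started|stopped) ;;      # started: libvirt's own rules are already in place
        *) return 0 ;;           # every other operation is left alone
    esac
    br=$(bridge_from_xml) || { echo "network hook: no usable bridge name" >&2; return 1; }
    if [ "$op" = started ]; then
        # -C keeps the insert idempotent; -w waits for the xtables lock.
        $IPT -w -C FORWARD -i "$br" -d "$BLOCKED_NET" -j DROP 2>/dev/null ||
            $IPT -w -I FORWARD 1 -i "$br" -d "$BLOCKED_NET" -j DROP
    else
        $IPT -w -D FORWARD -i "$br" -d "$BLOCKED_NET" -j DROP 2>/dev/null || true
    fi
}

# libvirt calls the hook as: network <name> <operation> <sub-operation> -
[ "$#" -lt 2 ] || network_hook "$@"
```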