Hey,
  Just for reference ...

On Wed, 2007-03-21 at 03:18 +0000, Daniel P. Berrange wrote:
> With the virtual networking capability we have to add various rules to the
> iptables chains to ensure that outgoing connections are forwarded + NATed
> to the physical LAN. Now if the user does 'service iptables restart' these
> rules are lost until you restart the VM. This obviously sucks.
>
> We've been exploring the possibility of adapting the Fedora / RHEL iptables
> scripts to allow user-defined chains which are automatically restored from
> a 'safe' config file during a restart. This is not present in FC6 / RHEL5
> or even F6 yet, nor does it help non-Fedora users.

Here's the bug on this:

  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227011

> We already have ability to add / remove rules from iptables, so I was
> wondering how hard it would be to list existing rules. From whence we can
> look at existing rules to see if our virtual network forwarding/NAT rules
> were missing. The idea being that a simple 'killall -SIGHUP libvirt_qemud'
> could trigger libvirt to check & re-add the iptables rules if missing.

I sent on a patch in another mail to do this.

Cheers,
Mark.
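
The check-and-re-add idea discussed in this thread, as an added example that is not part of the original mail and is not the patch or libvirt's code: it compares a saved rule listing against the rules a virtual network needs and reports only the missing ones, so a reload never duplicates rules that survived. The bridge name, subnet, rule set and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: an iptables-save style listing taken after a firewall
# restart wiped most of the virtual-network rules (one FORWARD rule survived).
SAMPLE_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
COMMIT'

# Constructed required rules, one "table|rule" per line. The rule text must be
# in the normalized form the listing uses, because matching is exact.
REQUIRED_RULES='nat|-A POSTROUTING -s 192.168.122.0/24 -j MASQUERADE
filter|-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
filter|-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT'

# missing_rules DUMP REQUIRED
# Prints "table|rule" for every required rule not present in its own table.
missing_rules() {
    dump=$1
    required=$2
    printf '%s\n' "$required" | while IFS='|' read -r table rule; do
        [ -n "$table" ] || continue
        # Only lines between "*<table>" and the next "*..." header count, so a
        # rule found in the wrong table is still reported as missing.
        if ! printf '%s\n' "$dump" | awk -v t="*$table" -v r="$rule" '
                $0 == t  { in_t = 1; next }
                /^\*/    { in_t = 0 }
                in_t && $0 == r { found = 1 }
                END      { exit !found }'; then
            printf '%s|%s\n' "$table" "$rule"
        fi
    done
}

# readd_commands DUMP REQUIRED
# Prints (does not run) the commands that would restore the missing rules.
readd_commands() {
    missing_rules "$1" "$2" | while IFS='|' read -r table rule; do
        printf 'iptables -t %s %s\n' "$table" "$rule"
    done
}

readd_commands "$SAMPLE_DUMP" "$REQUIRED_RULES"
```

On a current iptables the per-rule test can be done with `iptables -C` instead of parsing a listing.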