On Mon, 2010-01-25 at 14:59 +0000, Daniel P. Berrange wrote: > The shear size of the ruleset inside the <interface> element is > rather alarming to me. Imagine if you have a guest with more > than one NIC. I'm inclined to suggest that the <interface> > element in the domain XML description should only have a single > rule > > <filter name='BLAH'/> > > and if apps wish to construct a filter, from multiple independant > sub-filters, then that should be done against the filter object's > config, rather than the domain object's config. Daniel, we could achieve something similar with the following construct: <xi:include href="demofilter.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> This would also have the advantage that the filter rules do not clutter up the domain xml, but the migration of the rules might be simpler to implement. What is your thinking about this approach? -- Best regards, Gerhard Stenzel, ----------------------------------------------------------------------------------------------------------------------------------- IBM Deutschland Research & Development GmbH Vorsitzender des Aufsichtsrats: Martin Jetter Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list