Hello,

> Can you outline how your desired configuration for libvirt NAT mode is
> different from what libvirt already does? The goal for this is to be
> totally zero-conf, so the fact that you can't use the default setup
> shows something is lacking in our impl & I'd prefer to identify what
> that is rather than blindly disabling it. In addition the libvirt
> rules are written to try & ensure that they only impact traffic
> to/from the subnet that is configured in the libvirt network, to avoid
> causing problems for other rules you might have already configured.

I opened a bug report[1] for this too. Doing the right thing for
out-of-the-box configuration is OK, but everything should be opt-out
and manually configurable.

I add sanity-check rules at the top of my netfilter chains, and when a
libvirt network starts it's not "protected" by these rules.

It's like my bug report on dnsmasq[2]: I already have a complete
DHCP/DNS-with-LDAP-backend configuration for the subnet, I don't need
it but cannot opt out of the feature.

This disempowers the user/administrator, which I think is bad.

So, what I would like to see:

1. Automatic configuration for out-of-the-box setup
2. Opt-out of all the automatic configurations
3. Manually configurable, with pre-up (before), up (doing it), post-up
   (after) and their down counterparts.

Please.

Footnotes:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568790
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549183

--
Daniel Dehennin
Get my GPG key:
gpg --keyserver pgp.mit.edu --recv-keys 0x6A2540D1
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list