On 03/27/2014 04:43 AM, Eric Blake wrote: > On 03/26/2014 07:20 PM, bigclouds wrote: >> hi,all >> >> is there a way to convert vm's filter into comandline, i think it is useful. > You mean, as in > virsh domxml-to-native qemu-argv $(virsh dumpxml $dom) > > or are you asking about the nwfilter settings applied on behalf of a guest? Since this same person previously asked about "netfilter" on IRC, I'm assuming the latter... No, there isn't a way within libvirt to retrive this information. Beyond that, Dan Berrange is in the middle of refactoring the nwfilter code to not use the commandline at all in the case where firewalld is running, so in the future libvirt won't even be running any external commands to setup nwfilter rules. One way to get the information would be to run "iptables -S" before and after starting the guest, then look at the difference between the two outputs. -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list