killing all of the shell script code ?
you mean nwfilter of libvirt does not exist any more?
yes. nwfilter code is horrible .
maybe we can think of a better way. after all ip|eb tables is complicated, and must be done, user or libvirt.
thanks
At 2014-03-27 18:57:23,"Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote: >On Thu, Mar 27, 2014 at 09:20:23AM +0800, bigclouds wrote: >> hi,all >> >> is there a way to convert vm's filter into comandline, i think it is useful. >> if there is the functionality, so you think it is worthy to be done. > >Currently the nwfilter driver generates horrible hacky shell scripts which >run a variety of (eb|ip)tables commands. I'm killing all of the shell >script code so that we can directly invoke iptables or talk to firewalld >over DBus. The commands we will generate though won't be suitable for a >user to run directly, because libvirt will parse the output of some >commands in order to determine what subsequent commands to run. This >kind of logic isn't something you can just "export" from libvirt, so >what you suggest isn't really practical > >Regards, >Daniel >-- >|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| >|: http://libvirt.org -o- http://virt-manager.org :| >|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| >|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list