Hi, in order to get hook scripts to work, I used a backported version of libvirtd on Ubuntu 10.04 LTS. Here are the details: Compiled against library: libvir 0.8.3 Using library: libvir 0.8.3 Using API: QEMU 0.8.3 Running hypervisor: QEMU 0.12.5 After adjusting the apparmor profile to accept the hook scripts under /etc/libvirt/hooks/, I am able to start and stop domains again, but only the script named "daemon" gets executed, the one named "qemu" gets ignored. All my domains are KVM domains. I thought the "qemu" script should apply to that?! My actual goal is to suppress the rules or better yet execute my own script (in order to amend or replace the libvirt rules) after insertion of the "default" rules during startup of the daemon. The reason being that I need to do some PNAT and other custom handling ... So far I have not been able to catch the state where the bridge has already been created and the rules inserted. Thus I've had to manipulate the firewall rules manually (well, still scripted ;)) after booting the host. Any ideas? Thanks, // Oliver PS: Side-note, I tried using the newfilter facilities, but there seems to be no way to insert rules at the start of a chain and similar things. PPS: # cat /etc/libvirt/qemu/networks/default.xml <network> <name>default</name> <bridge name="virbr%d" /> <forward/> <ip address="192.168.122.1" netmask="255.255.255.0" /> </network>
