On 12/12/2011 14:20, Hansa wrote:
> Hi there,
>
> When creating a VM with a persistent virtual network, libvirt creates
> an XML file with firewall definitions and stores it in
> /etc/libvirt/<hypervisor>/networks/. The XML file is (to my knowledge)
> incompatible with iptables-restore. Therefore you can't manage your
> firewall with other iptables (GUI) tools unless libvirt lets you a)
> import extra rules, b) has an option to export the XML rules into
> iptables-save format or c) something else. If a), b) or c) is possible
> then this discussion is of course useless and I would be pleased to
> know how it's done :)
>
> If not, then let's get the discussion started.
> IMHO, saving rules into XML instead of using iptables-save is absurd
> since you'll have to code stuff which is already coded. Also you'll
> make it incompatible with the tools which are readily available. Why go
> for this approach and what do we get from it?
>
> Best regards,
>
> -Hansa

Bump... Why does libvirt use XML firewall rules?