Re: Modify Iptables Rules (virbr0 & virbr1)

On 08/13/2013 07:23 AM, Laine Stump wrote:
> There hasn't been any substantial change in the iptables rules added by
> libvirt for virtual networks in a long time; 

I guess this is due to the fact that, in the enterprise (oVirt/RHEV),
bridge networking is mainly used over "virtual-networks".

> Sure, that's simple if you're going to start/stop all virtual networks
> together as a group. It's more complicated if you want each network to
> operate independently of the other (i.e. to be able to start/stop each
> network without affecting the others). Possibly the way to do that would
> be to create separate chains for the allow and block. 

You're right: that's the correct way to handle this (using chains).

> You're welcome to write a patch for it :-)

Yeah I know it's easy to pinpoint a problem... I would have provided a
patch if I were a coder, believe me :)  I guess I can open an
enhancement-request (perhaps for F21) with pseudo-code on how to handle
the different events (something that would be easy for someone familiar
with the code to implement).

With the upcoming snapshot functionality in virt-manager I hope many
end-users start using it more and subsequently the virtual-networks.

Thanks!

-- 
Jorge

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users


