On 01/09/2014 02:07 PM, ZeroUno wrote:
> On 09/01/14 11:38, ZeroUno wrote:
>
>> On 08/01/14 16:17, Laine Stump wrote:
>>> http://wiki.libvirt.org/page/Networking#Forwarding_Incoming_Connections
>>
>> interesting!), AFAICT this might help with adding rules to the NAT
>> table, which was the first part of my question, but does not help with
>
> ...also, it appears that the hook script /etc/libvirt/hooks/daemon to
> be called when the libvirt daemon is started is actually called
> _before_ libvirt adds its own iptables rules, because I am not able to
> insert my custom rule at the top of the chain.
>
> Maybe I might use the qemu script which is called each time a guest is
> started/stopped, by inserting some checks to prevent duplicates, but
> it becomes even more "hackish"... :)

Interesting point, and one which reinforces the idea that a network event hook script might be a nice thing to have (although adding in a callout to an externally-created shell script always has security implications, especially for a process running as root).
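A sketch of the qemu-hook approach with duplicate checks that the quoted message describes, as an added example that is not part of the original thread or of libvirt itself. The guest name, address, port, bridge and the rule are assumptions chosen for illustration; `iptables -C` (check) is used so that repeated guest starts do not stack copies of the rule.

```shell
#!/bin/sh
# Added example for /etc/libvirt/hooks/qemu. Guest name, address, port and
# bridge are assumptions; libvirt runs this hook as root.
PATH=/usr/sbin:/usr/bin:/sbin:/bin   # fixed PATH: do not inherit one as root
IPT="${IPT:-iptables}"               # overridable so the logic can be tested unprivileged

GUEST_NAME="webguest"                # hypothetical guest
CHAIN="FORWARD"
# One rule spec shared by check, insert and delete so they always match.
RULE="-d 192.168.122.10 -o virbr0 -p tcp --dport 80 -j ACCEPT"

# Insert at position 1 only when the rule is absent (-C exits non-zero then).
ensure_rule() {
    # $RULE is intentionally unquoted: it must split into separate arguments.
    if $IPT -C "$CHAIN" $RULE 2>/dev/null; then
        return 0
    fi
    $IPT -I "$CHAIN" 1 $RULE
}

# Delete every copy, in case an earlier non-idempotent script left duplicates.
remove_rule() {
    while $IPT -C "$CHAIN" $RULE 2>/dev/null; do
        $IPT -D "$CHAIN" $RULE || return 1
    done
}

# libvirt invokes: qemu <guest_name> <operation> <sub-operation> <extra>
handle_event() {
    # The guest name is only compared against a constant, never expanded
    # into a command line.
    [ "$1" = "$GUEST_NAME" ] || return 0
    case "$2" in
        started) ensure_rule ;;
        stopped) remove_rule ;;
    esac
}

handle_event "${1:-}" "${2:-}"
```

Because the hook executes with the daemon's root privileges, the file should be owned by root and not writable by any other user.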