On 04/17/2014 10:42 AM, Jianwei Hu wrote: > Hi guys, > > I saw this sub-element in http://libvirt.org/firewall.html, there is some confusion, what's the meaning of sub-element <ip address='X.X.X.X'> in <interface type='bridge'> of domain xml? > > The detail <interface> in domain xml as below: > <interface type='bridge'> > <mac address='52:54:00:56:44:32'/> > <source bridge='br1'/> > <ip address='10.X.X.X'/> <===it's my question As far as I can find, the <ip> subelement of a domain's <interface> is: 1) only recognized for <interface type='bridge'> and <interface type='ethernet'> 2) only used by the xen driver, and ignored by all others. I believe it is the IP address that xen will tell the domain to use for its interface. The correct way to specify a guest IP address for a nwfilter is described here: http://libvirt.org/formatnwfilter.html#nwfconceptsvars The page you're citing is something lifted from an email written by Daniel Berrange, and it was likely written during early design of nwfilter and then wasn't updated to reflect what was finally implemented. Stefan - can you confirm or deny my suspicion? Beyond that, I think that page needs to be somehow updated from / combined with the formatnwfilter page to eliminate both duplicated and incorrect information. > <target dev='vnet0'/> > <model type='virtio'/> > <filterref filter='clean-traffic'/> > </interface> > > Is it static IP(specified by customer) in guest OS? or a IP of interface(e.g. eno1) in "br1" on host machine? what's definition about it? > > [root@localhost src]# brctl show > bridge name bridge id STP enabled interfaces > br1 8000.24be051881ce no eno1 > > If you know how to use it, please show me a detail scenario. Don't use it. _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users