On 8/17/20 5:15 AM, Gunnar Niels wrote:
Hello, I have a set of iptables rules that I need to insert *after* libvirt
has set up all of its firewall rules. Is there a hook that I can tap
into in
order to run something like a custom script to make sure this happens?
Any ideas?
-GN
You should be able to use a libvirt network hook script to do this:
https://libvirt.org/hooks.html
Basically you put an executable script in /etc/libvirt/hooks/network
Once the network is started, the hook will be called with this commandline:
/etc/libvirt/hooks/network network_name started begin -
stdin will contain the entire network XML definition in case you want
details, or want to extract some task-specific metadata from the network
definition (syntax for that is here:
https://libvirt.org/formatnetwork.html#elementsMetadata )
The same script will be called before the network is started, after it's
shut down, and whenever a guest interface is attached or detached from
the network - the details are in the web page linked above.
