On Wed, Sep 09, 2020 at 06:31:41PM +0200, Joel Colledge wrote: > ## Conclusion > > The underlying problem seems to be that net-update removes and > re-creates the iptables rules, even when it makes no changes to them. > The best fix would be to correct that. > > Has anyone else encountered this situation? Is there any more > information I should provide to help with investigations? Does anyone > have other ideas for workarounds? The networkUpdate() method in libvirt source will recreate firewall rules if any DHCP hosts change. This is because the firewall rules differ when there is zero vs non-zero number of DHCP hosts present. This could be optimized to only recreate when going from zero to non-zero or vica-verca. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
