On Wed, Dec 08, 2010 at 03:53:34AM +0100, Matej Cepl wrote:
> On 7.12.2010 22:30, Richard W.M. Jones wrote:
> > The issue we face with libvirt is it needs to be able to add extra
> > rules to the existing firewall, and have those rules added in the
> > right place, and preserved across firewall restarts, reboots and so
> > on. There are other services which need to add rules too (see cups
> > mentioned previously in this thread).
>
> a) libvirt somehow manages to work just fine on my computer even with my
> script, so why change it?

libvirtd (the daemon) does currently add firewall rules, and those
rules are necessary. If you restart the iptables service, or
otherwise drop those rules, all your guests will lose their network.

Either you're not using libvirtd, not running guests, or not rerunning
your firewall script.

In any case, a fixed shell script is not flexible enough for libvirt
and some other services.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel