On Sun, Oct 06, 2013 at 07:25:50PM -0400, Matthew Miller wrote:
> On Sun, Oct 06, 2013 at 11:32:13PM +0200, Lennart Poettering wrote:
> > Or in other words: I don't think it makes much sense to turn this on
> > only at runtime inside the service file as Matthew suggests, as it hides
> > the fact that the setting is made, makes it hard for admins to discover
> > and override it, and creates the assumption that the package would turn
> > off the setting safely again after the daemon exited, but which it
> > doesn't and can't since it doesn't know if anything else still requires
> > it.
> > Hope that makes some sense,
>
> It does make some sense; overall I don't think there's a really good answer
> here. In trying to figure out what's the most sensible given that, I looked
> at what libvirt does, which is turn it on globally in exactly the hidden way
> you suggest, and makes no attempt to restore it. I'm not really excited
> about that, but apparently that's been the case for a while.

Yeah, what libvirt does is really not very nice. If you want to use a routed
networking setup though, I don't know of any better options for making this
work. We really only wanted to enable forwarding from virbr0, to the LAN, but
you can't toggle this per NIC afaick - you have to turn on the global
ip_forwarding sysctl. Libvirt just turns it on when first creating its NAT'd
device, which for most installs will be at boot time when libvirtd starts.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
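The discoverability problem raised in this thread, as an added example that is not part of the original messages and is not libvirt or systemd code: a check that reports when `net.ipv4.ip_forward` is enabled at runtime although no sysctl configuration file declares it. The function names, the `root` parameter and the sample tree are assumptions made for illustration; pass `/` as `root` to inspect a live host.

```python
import re
import tempfile
from pathlib import Path

# Directories from sysctl.d(5); /etc/sysctl.conf is also read by `sysctl --system`.
DEFAULT_DIRS = ["etc/sysctl.d", "run/sysctl.d", "usr/lib/sysctl.d"]
# Keys may use "." or "/" as separator; a leading "-" means "ignore errors".
KEY = re.compile(r"^\s*-?\s*net[./]ipv4[./]ip_forward\s*=\s*(\S+)")

def declared_settings(root, dirs=DEFAULT_DIRS):
    """Return [(file, value)] for every config line that sets net.ipv4.ip_forward."""
    files = [Path(root, "etc/sysctl.conf")]
    for d in dirs:
        p = Path(root, d)
        if p.is_dir():
            files += sorted(p.glob("*.conf"))
    found = []
    for f in files:
        if not f.is_file():
            continue
        for line in f.read_text().splitlines():
            m = KEY.match(line)  # comment lines start with # or ; and never match
            if m:
                found.append((str(f.relative_to(root)), m.group(1)))
    return found

def audit(root):
    """Compare the runtime value of ip_forward with what the config files declare."""
    runtime = Path(root, "proc/sys/net/ipv4/ip_forward").read_text().strip()
    declared = declared_settings(root)
    if runtime == "1" and not any(v == "1" for _, v in declared):
        return "hidden", declared    # enabled at runtime, no config file says so
    if runtime == "1":
        return "declared", declared  # an admin can find and override the setting
    return "off", declared

def build_sample(root, runtime, conf=None):
    """Constructed sample tree standing in for / (not data from a real host)."""
    proc = Path(root, "proc/sys/net/ipv4")
    proc.mkdir(parents=True)
    (proc / "ip_forward").write_text(runtime + "\n")
    Path(root, "etc/sysctl.d").mkdir(parents=True)
    if conf:
        Path(root, "etc/sysctl.d/99-router.conf").write_text(conf)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as t:
        build_sample(t, "1", "# net.ipv4.ip_forward = 1\n")  # only a commented-out line
        print(audit(t))
```

A result of `hidden` means some process wrote the value directly at runtime, which is the case the thread describes for a daemon that enables forwarding on startup.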