libvirt doesn't have that currently, but that's the sort of better solution I had in mind; I'll talk to them about it.

Thanks!

On Fri, Feb 21, 2025 at 03:50:37PM -0800, Robin Powell wrote:
> libvirt doesn't have that currently, but that's the sort of better solution
> I had in mind; I'll talk to them about it.
>
> On Fri, Feb 21, 2025 at 9:18 AM Slavko <linux@xxxxxxxxxx> wrote:
>
> > Hi,
> >
> > On 21 February 2025 15:40:51 UTC, robinleepowell@xxxxxxxxx wrote:
> >
> > >So my question is, what *should* happen here? As far as I can tell,
> > >there is absolutely nothing the libvirt tooling can do to override
> > >my reject. I can't jump between tables so I can't do like "jump
> > >libvert_inp" in my chain. What's the right move? Options I've
> > >thought of; I'm hoping there's something better:
> >
> > Basically, you can "override" reject in two steps:
> >
> > 1. mark packets accepted by libvirt (or generally in any other rule)
> > 2. exclude these marks from your reject
> >
> > You must check in libvirt docs, if it is able to set some mark...
> >
> > regards
> >
> >
> > --
> > Slavko
> > https://www.slavino.sk/
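
Added example, not part of the thread and not libvirt's own rules: the two steps Slavko describes, written as an nftables ruleset. The table `vm_net_example` is a hypothetical stand-in for whatever creates the VM-network rules (the thread says libvirt cannot set a mark today); the bridge name `virbr0`, the ports and the mark value `0x4c56` are assumptions.

```nft
# An accept verdict only ends evaluation of the base chain that issued it;
# later base chains on the same hook still see the packet, while a drop or
# reject is final. That is why an accept in one table cannot override a
# reject in another table, and why the packet mark is used to carry the
# decision across tables.

# Step 1: the table that knows about the VM network marks what it accepts.
# Hypothetical stand-in table; priority -10 makes it run before host_filter.
table inet vm_net_example {
    chain input {
        type filter hook input priority -10; policy accept;

        # DNS and DHCP from guests on the bridge (assumed name and ports)
        iifname "virbr0" udp dport { 53, 67 } meta mark set 0x4c56 accept
        iifname "virbr0" tcp dport 53 meta mark set 0x4c56 accept
    }
}

# Step 2: the administrator's own table exempts marked packets before the
# final reject.
table inet host_filter {
    chain input {
        type filter hook input priority 0; policy accept;

        ct state established,related accept
        iifname "lo" accept

        # Honour the decision made in vm_net_example
        meta mark 0x4c56 accept

        tcp dport 22 accept

        # Everything else, including unmarked traffic from virbr0
        reject with icmpx type admin-prohibited
    }
}
```

The mark is one 32-bit field shared with anything else that sets packet marks (policy routing, other firewall tools), so the value must be one nothing else on the host uses. `nft -c -f <file>` checks the ruleset without loading it.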