clone 636712 -1 retitle -1 libvirt-bin: please provide README.ifupdown for network integration severity -1 wishlist thanks
Hi there! On Tue, 09 Aug 2011 00:47:28 +0200, Guido Günther wrote: > On Fri, Aug 05, 2011 at 05:05:23PM +0200, Luca Capello wrote: >> I would like to add network filters [1] to accept various kind of >> incoming traffics (e.g. HTTP) and thus I read the documentation at: >> >> <http://libvirt.org/formatnwfilter.html> >> >> [1] despite myself not being a firewall guru, I fail to understand why >> we need yet another format to define filters instead of using the >> iptables syntax by default or adding something like the ifupdown's >> options (in this case post-up and pre-down)... > > Getting the variable replacements and priorities implemented is easier > with XML. To which I fully agree, I just do not see the point in having multiple formats in general (thus not specific to Debian or libvirt): this is the third I know, after barebone iptables/ifupdown and OpenWrt's UCI [a]. [a] <http://wiki.openwrt.org/doc/uci> > I agree that having this better integrated into ifupdown would be nice > though. I cloned the bug, please follow-up on the new one given that I am working on it :-) The major problem IMHO is to identify both the network interface and the IP, given that with the default configuration all virtual interfaces belong to the same bridge. In case we would also want the MAC address, `man interfaces` contains the following hint: See the get-mac-address.sh script in the examples directory for an example of such a mapping script. See also Debian bug #101728. Once these information are available, the /e/n/i stanza should be the following (if I have correctly read `man interfaces`): allow-hotplug vnet0 iface vnet0 inet manual post-up /path/to/your/script.sh up pre-down /path/to/your/script.sh down Leave me some more tests and I should come up with a polished and tested README.ifupdown ;-) Thx, bye, Gismo / Luca
pgpVRRD4YGu3G.pgp
Description: PGP signature
