On Mon, May 08, 2017 at 11:30:46AM -0400, Nicolas Bock wrote:
> On Mon, May 08, 2017 at 03:35:19PM +0100, Daniel P. Berrange wrote:
> > On Sat, May 06, 2017 at 08:09:49PM -0400, Dan wrote:
> > > On Fri, May 5, 2017 at 4:29 PM, Nicolas Bock <nicolasb...@gmail.com> wrote:
> > > 
> > > > Hi,
> > > >
> > > > I am running a webserver on the libvirt host and would like to add a
> > > > nwfilter such that a VM can access that server. The corresponding
> > > > iptables rule would look like this:
> > > >
> > > > iptables --append INPUT --in-interface virbr0 --destination 192.168.122.1 --protocol tcp --dport 80 --jump ACCEPT
> > > >
> > > > where the network is using virbr0 and sits at 192.168.122.1. I don't
> > > > want to hardcode the host IP address in the nwfilter so that I can use
> > > > that filter for other networks. Is it possible to reference the host's IP
> > > > address in the filter?
> > 
> > There is a pre-defined parameter for the VM's own IP address:
> > 
> >  http://libvirt.org/formatnwfilter.html#nwfelemsRulesAdvIPAddrDetection
> > 
> > but we don't have anything for the host's IP address. We could fairly
> > easily add it though I reckon - eg provide a HOST_IP parameter.
> 
> Thanks Daniel.

BTW, please don't misinterpret this to mean I'm going to actually implement
this myself. I mostly meant a) file an RFE bug report against libvirt's
upstream bug tracker b) if you feel motivated to look at it, you could
try writing a patch for libvirt and submit it :-)

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

_______________________________________________
libvirt-users mailing list
libvirt-users@redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
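
Added example, not part of the original thread and not libvirt's own code: until a built-in host address parameter exists, an nwfilter can reference a user-defined variable whose value is supplied per interface in the domain XML, which keeps the address out of the filter itself. The filter name `allow-host-http` is hypothetical, and `HOST_IP` here is an ordinary user-supplied parameter that borrows the name proposed above, not a pre-defined one.

```xml
<!-- Filter definition (load with: virsh nwfilter-define allow-host-http.xml).
     Hypothetical filter name. $HOST_IP is a user-defined variable; libvirt
     does not fill it in, so every interface using this filter must pass it. -->
<filter name='allow-host-http'>
  <!-- direction='out' is traffic leaving the VM, here towards the host.
       Only TCP port 80 on the supplied address is accepted by this rule. -->
  <rule action='accept' direction='out' priority='500'>
    <tcp dstipaddr='$HOST_IP' dstportstart='80'/>
  </rule>
</filter>

<!-- Interface fragment from the domain XML (virsh edit <domain>).
     The address value is the one from the question; for a different
     network only this parameter changes, the filter stays the same. -->
<interface type='network'>
  <source network='default'/>
  <filterref filter='allow-host-http'>
    <parameter name='HOST_IP' value='192.168.122.1'/>
  </filterref>
</interface>
```

If the interface omits the `HOST_IP` parameter, the filter cannot be instantiated for that interface, so the missing value is noticed when the domain is defined or started.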
