> Also, I would like to add dynamic tap rules on vm start/stop, to reduce rules
> when VMs are offline migrated to another host.
> What do you think about it?

Yes, we can update firewall rules whenever we start/stop a VM.

> Currently we don't have a qemu pve-bridge stop script. 

We don't really need an external script; instead we can directly set up the
firewall inside the API handler. We need that for hotplug anyways?

> Even with it, if the vm is
> crashing, the script is not launched.

This is only an optimization, so we can safely ignore that case?

> I don't know if it's possible to use magic udev rules to intercept tap
> interface destroy and delete iptables rules dynamically?

No, I don't like to use such things.
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel