Thanks Tom, Justin,
Bug #227011 explains what I'm experiencing.
This technology has great potential to be used in mission-critical systems,
but issues like this one might be holding back its success.
I hope a suitable solution can be found soon ...
2010/1/25 Justin M. Forbes <jmforbes(a)linuxtx.org>
On Mon, Jan 25, 2010 at 07:58:05PM +0000, Daniel Sanabria wrote:
> Hi All,
> I noticed that if I turn on the libvirtd service via chkconfig it ends up
> breaking my iptables by adding duplicated rules.
> Has anyone experienced this? Is there another file that libvirtd uses to
> manipulate iptables?
libvirt has no sane was of integrating with iptables
We simply need a way to say to iptables "we've added these rules, please
load them when you restart" without overwriting the current configuration.
We also need lokkit/system-config-firewall to not overwrite these rules
the user modifies the configuration.
The whole sorry saga is well documented in bug #227011