Well, it depends on how you edit the security_group.py script; it certainly wouldn't have to open up everything. You could add a one-liner in there that would pass the instance name to a separate script that looked up the VM in a table or database and applied extra rules (in post_default_network_rules), maybe adding something like:

    "ebtables -t nat -I " + vmchain_in + " -p ARP --arp-ip-src " + secondary_vm_ip + " -j ACCEPT"

etc. Although, that might not be fun to maintain.

It would probably be easier to use the libvirt hooks (http://www.libvirt.org/hooks.html) to call your script whenever a VM starts or stops. You would accept the guest name as an argument to your script, and then that script could look up secondary IPs in a table, from a database or file, adding them to the ebtables chain of the same guest name.

On Mon, Aug 19, 2013 at 8:03 PM, Maurice Lawler <maurice.law...@me.com> wrote:
> Greetings,
>
> Does anyone have experience in adding a secondary IP address (by way of
> altering the ebtables / security script) in basic networking mode (KVM)
>
> I have reviewed the script that is called to setup the ebtables, but if I
> alter that, I would believe that would open all ports on all my instances. I
> just simply want the easy ability to add a secondary IP address.
>
> I understand this is a feature coming in 4.2, but I also understand this
> version is a ways out.
>
> Any assistance would be GREATLY appreciated!
>
> - Maurice
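Added example, not part of the original thread and not CloudStack or libvirt code: a sketch of the hook approach described in the reply, which validates each table entry as a single IPv4 address and passes it to ebtables as an argv list, so the extra ACCEPT rules stay limited to the listed addresses. The table path and format, the "-in" chain suffix, and the choice of the "started" operation are assumptions, and the guest's chain must already exist when the hook fires.

```python
#!/usr/bin/env python3
"""Added sketch of a libvirt qemu hook (/etc/libvirt/hooks/qemu); not CloudStack code."""
import ipaddress
import re
import subprocess
import sys

TABLE_PATH = "/etc/libvirt/hooks/secondary_ips.txt"  # hypothetical path and format
CHAIN_SUFFIX = "-in"  # assumption: vmchain_in is "<guest name>-in"
GUEST_RE = re.compile(r"[A-Za-z0-9_.-]+")

def parse_table(text):
    """Parse lines of '<guest> <ip> [<ip> ...]'; '#' starts a comment."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            table.setdefault(fields[0], []).extend(fields[1:])
    return table

def build_rules(guest, ips):
    """Return one ebtables argv per secondary IP, rejecting malformed input."""
    if not GUEST_RE.fullmatch(guest):
        raise ValueError("unexpected guest name: %r" % guest)
    rules = []
    for ip in ips:
        # Raises ValueError for anything that is not one IPv4 address (no ranges).
        addr = ipaddress.IPv4Address(ip)
        rules.append(["ebtables", "-t", "nat", "-I", guest + CHAIN_SUFFIX,
                      "-p", "ARP", "--arp-ip-src", str(addr), "-j", "ACCEPT"])
    return rules

def main(argv):
    # libvirt calls the hook as: qemu <guest_name> <operation> <sub-operation> <extra>
    if len(argv) < 3 or argv[2] != "started":
        return 0
    with open(TABLE_PATH) as fh:
        table = parse_table(fh.read())
    for rule in build_rules(argv[1], table.get(argv[1], [])):
        subprocess.run(rule, check=True)  # argv list: table values never reach a shell
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```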