[
https://issues.apache.org/jira/browse/CLOUDSTACK-1164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15858049#comment-15858049
]
Wido den Hollander commented on CLOUDSTACK-1164:
------------------------------------------------
Not yet implemented. Still very much wanted, but it will require a complete
rewrite of the code on the KVM Agent.
In addition I have no way how to do a clean migration for running VMs when the
Agent is upgraded.
> Use libvirt for security groups for KVM
> ---------------------------------------
>
> Key: CLOUDSTACK-1164
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1164
> Project: CloudStack
> Issue Type: Wish
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Hypervisor Controller, KVM
> Affects Versions: 4.0.0, 4.1.0
> Reporter: Wido den Hollander
> Labels: kvm, libvirt, security-groups
> Fix For: Future
>
>
> The current implementation for the security groups uses a custom Python
> script which applies iptable and ebtable rules to the hypervisor.
> Libvirt also supports this with network filters:
> http://libvirt.org/formatnwfilter.html
> It might be cleaner to do this via libvirt, but the downside is that a lot of
> functions are only supported by libvirt 0.9.8 and higher.
> This might not be possible at this moment, but it might be worth a shot at a
> later stadium.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
