[openstack-dev] Potential change to provide a configurable list of nwfilters

Bak, Ed (HPCS Fort Collins) ed.bak2 at hp.com
Thu Jan 17 16:46:16 UTC 2013


Hi,

We have a need to add additional network filters to the nova-base filter list. For one additional case, we would also like to add an additional filter to specific instances. I would like to propose a change to nova/virt/libvirt/firewall.py. I'm thinking that these custom network filter definitions could be defined in individual files and the use of the filters could be controlled through nova.conf. As a proof of concept, I added some code to NWFilterFirewall:setup_basic_filtering which reads the list of custom filters as defined in nova.conf and sets up the filters depending on the filter definition. Each filter definition requires 3 functions:

get_filter() would return the XML definition of the nwfilter
get_filter_name() would return the string name of the filter
apply_filter(instance) would return True/False if the filter is to be applied to the given instance

nova.conf would contain something like...

--custom_nwfilters=nova.virt.libvirt.myfilter1, nova.virt.libvirt.myfilter2

Is this something that would be of general interest to be checked in to trunk?  Any implementation suggestions or other comments would be welcome.

Ed
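
The three-function interface proposed in the message above, sketched as an added example that is not part of the original post or of nova: a loader that imports each configured module, rejects it unless it exposes the three functions and its XML is a well-formed `filter` element named as `get_filter_name()` says, then selects filters per instance. The demo module names, filter names, rules and the `project_id` instance key are constructed assumptions.

```python
import importlib
import sys
import types
import xml.etree.ElementTree as ET

REQUIRED = ("get_filter", "get_filter_name", "apply_filter")

def parse_filter_list(value):
    """Split the comma-separated option value, tolerating spaces."""
    return [name.strip() for name in value.split(",") if name.strip()]

def load_filter(module_name):
    """Import one filter module and validate it before it is used."""
    module = importlib.import_module(module_name)
    missing = [f for f in REQUIRED if not callable(getattr(module, f, None))]
    if missing:
        raise ValueError("%s lacks %s" % (module_name, ", ".join(missing)))
    root = ET.fromstring(module.get_filter())  # ParseError if malformed
    if root.tag != "filter" or root.get("name") != module.get_filter_name():
        raise ValueError("%s: XML does not define filter %r"
                         % (module_name, module.get_filter_name()))
    return module

def filters_for_instance(option_value, instance):
    """Return the names of the custom filters that apply to this instance."""
    modules = [load_filter(n) for n in parse_filter_list(option_value)]
    return [m.get_filter_name() for m in modules if m.apply_filter(instance)]

def register_demo(module_name, filter_name, xml, predicate):
    """Register a constructed in-memory module so the example runs offline."""
    mod = types.ModuleType(module_name)
    mod.get_filter = lambda: xml
    mod.get_filter_name = lambda: filter_name
    mod.apply_filter = predicate
    sys.modules[module_name] = mod

# Constructed sample filters (assumptions, not real nova modules).
register_demo("demo_no_smtp", "custom-no-smtp",
              "<filter name='custom-no-smtp'><rule action='drop' "
              "direction='out'><tcp dstportstart='25'/></rule></filter>",
              lambda instance: True)
register_demo("demo_tenant_only", "custom-tenant-only",
              "<filter name='custom-tenant-only'/>",
              lambda instance: instance.get("project_id") == "tenant-a")
register_demo("demo_bad_name", "custom-expected",
              "<filter name='something-else'/>", lambda instance: True)
```

Because the option names Python modules to import, whoever can edit nova.conf can run code in the compute service, so the file needs the same protection as the service's own code.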


