--with-iptables-prefix was added to integrate with a proposed system for letting iptables know how to reload our rules. The idea was that we'd add our rules to a chain like libvirt-INPUT rather than INPUT, and there'd be a configuration file which would specify whether INPUT should include libvirt-INPUT. The proposed system wasn't accepted so, although there might be some other theoretical use for this, let's just remove it. Signed-off-by: Mark McLoughlin Index: libvirt/configure.in =================================================================== --- libvirt.orig/configure.in 2008-01-04 14:51:29.000000000 +0000 +++ libvirt.orig/configure.in 2008-01-04 14:51:29.000000000 +0000 @@ -183,16 +183,6 @@ AM_CONDITIONAL(LIBVIRT_INIT_SCRIPTS_RED_ AC_MSG_RESULT($with_init_scripts) dnl -dnl allow the creation of iptables rules in chains with a -dnl specific prefix rather than in the standard toplevel chains -dnl -AC_ARG_WITH(iptables-prefix, - AC_HELP_STRING([--with-iptables-prefix=prefix], - [prefix used for iptables chains, default is to use standard toplevel chains]), - [IPTABLES_PREFIX=$withval]) -AC_DEFINE_UNQUOTED(IPTABLES_PREFIX, "$IPTABLES_PREFIX", [prefix used for iptables chains]) - -dnl dnl also support saving the various chains to files dnl in e.g. /etc/sysconfig/iptables.d dnl Index: libvirt/src/iptables.c =================================================================== --- libvirt.orig/src/iptables.c 2008-01-04 15:17:18.000000000 +0000 +++ libvirt.orig/src/iptables.c 2008-01-04 15:17:18.000000000 +0000 @@ -636,13 +636,13 @@ iptablesContextNew(void) if (!(ctx = calloc(1, sizeof (*ctx)))) return NULL; - if (!(ctx->input_filter = iptRulesNew("filter", IPTABLES_PREFIX "INPUT"))) + if (!(ctx->input_filter = iptRulesNew("filter", "INPUT"))) goto error; - if (!(ctx->forward_filter = iptRulesNew("filter", IPTABLES_PREFIX "FORWARD"))) + if (!(ctx->forward_filter = iptRulesNew("filter", "FORWARD"))) goto error; - if (!(ctx->nat_postrouting = iptRulesNew("nat", IPTABLES_PREFIX "POSTROUTING"))) + if (!(ctx->nat_postrouting = iptRulesNew("nat", "POSTROUTING"))) goto error; return ctx; --