--with-iptables-dir was added to integrate with a proposed system for letting iptables know how to reload our rules. The idea was that we'd save our rules to a file under /etc/sysconfig/iptable.d and the iptables init script would load the rules from there when it was reloading. The proposed system wasn't accepted so, although there might be some theoretical use for this other than the lokkit support, let's just remove it for now. Signed-off-by: Mark McLoughlin
Index: libvirt/configure.in
===================================================================
--- libvirt.orig/configure.in 2008-01-04 15:24:39.000000000 +0000
+++ libvirt.orig/configure.in 2008-01-04 15:24:39.000000000 +0000
@@ -183,18 +183,6 @@ AM_CONDITIONAL(LIBVIRT_INIT_SCRIPTS_RED_
 AC_MSG_RESULT($with_init_scripts)
 dnl
-dnl also support saving the various chains to files
-dnl in e.g. /etc/sysconfig/iptables.d
-dnl
-AC_ARG_WITH(iptables-dir,
- AC_HELP_STRING([--with-iptables-dir=path],
- [directory used to save iptables chains, defaults to not saving]),
- [IPTABLES_DIR=$withval])
-if test x"$IPTABLES_DIR" != "x"; then
- AC_DEFINE_UNQUOTED(IPTABLES_DIR, "$IPTABLES_DIR", [directory used for saving iptables chains])
-fi
-
-dnl
 dnl ensure that Fedora's system-config-firewall knows
 dnl about libvirt's iptables rules
 dnl
Index: libvirt/src/iptables.c
===================================================================
--- libvirt.orig/src/iptables.c 2008-01-04 15:25:07.000000000 +0000
+++ libvirt.orig/src/iptables.c 2008-01-04 15:25:07.000000000 +0000
@@ -48,11 +48,6 @@
 #define qemudLog(level, msg...) fprintf(stderr, msg)
-#ifdef ENABLE_IPTABLES_LOKKIT
-#undef IPTABLES_DIR
-#define IPTABLES_DIR LOCAL_STATE_DIR "/lib/libvirt/iptables"
-#endif
-
 enum {
 ADD = 0,
 REMOVE
@@ -78,12 +73,12 @@ typedef struct
 int nrules;
 iptRule *rules;
-#ifdef IPTABLES_DIR
+#ifdef ENABLE_IPTABLES_LOKKIT
 char dir[PATH_MAX];
 char path[PATH_MAX];
-#endif /* IPTABLES_DIR */
+#endif /* ENABLE_IPTABLES_LOKKIT */
 } iptRules;
@@ -137,7 +132,6 @@ iptablesSpawn(int errors, char * const *
 return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : EINVAL;
 }
-#ifdef IPTABLES_DIR
 #ifdef ENABLE_IPTABLES_LOKKIT
 static void
 notifyRulesUpdated(const char *table,
@@ -238,7 +232,6 @@ notifyRulesRemoved(const char *table,
 #undef MAX_FILE_LEN
 }
-#endif /* ENABLE_IPTABLES_LOKKIT */
 static int
 writeRules(const char *path,
@@ -286,7 +279,7 @@ writeRules(const char *path,
 return 0;
 }
-#endif /* IPTABLES_DIR */
+#endif /* ENABLE_IPTABLES_LOKKIT */
 static void
 iptRuleFree(iptRule *rule)
@@ -328,7 +321,7 @@ iptRulesAppend(iptRules *rules,
 rules->nrules++;
-#ifdef IPTABLES_DIR
+#ifdef ENABLE_IPTABLES_LOKKIT
 {
 int err;
@@ -339,12 +332,9 @@ iptRulesAppend(iptRules *rules,
 return err;
 }
-#ifdef ENABLE_IPTABLES_LOKKIT
 notifyRulesUpdated(rules->table, rules->path);
 #endif /* ENABLE_IPTABLES_LOKKIT */
-#endif /* IPTABLES_DIR */
-
 return 0;
 }
@@ -369,7 +359,7 @@ iptRulesRemove(iptRules *rules,
 rules->nrules--;
-#ifdef IPTABLES_DIR
+#ifdef ENABLE_IPTABLES_LOKKIT
 {
 int err;
@@ -377,15 +367,12 @@ iptRulesRemove(iptRules *rules,
 return err;
 }
-#ifdef ENABLE_IPTABLES_LOKKIT
 if (rules->nrules > 0)
 notifyRulesUpdated(rules->table, rules->path);
 else
 notifyRulesRemoved(rules->table, rules->path);
 #endif /* ENABLE_IPTABLES_LOKKIT */
-#endif /* IPTABLES_DIR */
-
 return 0;
 }
@@ -415,10 +402,10 @@ iptRulesFree(iptRules *rules)
 rules->nrules = 0;
 }
-#ifdef IPTABLES_DIR
+#ifdef ENABLE_IPTABLES_LOKKIT
 rules->dir[0] = '\0';
 rules->path[0] = '\0';
-#endif /* IPTABLES_DIR */
+#endif /* ENABLE_IPTABLES_LOKKIT */
 free(rules);
 }
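Review bot: In iptRulesAppend (hunk `@@ -339,12 +332,9 @@`) the call `notifyRulesUpdated(rules->table, rules->path);` cannot report failure, because the helper is declared `static void` in the `@@ -137,7 +132,6 @@` hunk, so the function still reaches `return 0;` when the lokkit configuration was not updated. The same holds for the notifyRulesUpdated/notifyRulesRemoved calls in iptRulesRemove (hunk `@@ -377,15 +367,12 @@`). With this commit the saved chain file exists only for that notification, so a silent failure presumably leaves the persisted firewall configuration out of step with the live rules until someone notices after a firewall reload. Consider making both helpers return an int and moving the call inside the braced block that already declares `err`, as `if ((err = notifyRulesUpdated(rules->table, rules->path))) return err;`, or at minimum reporting the failure through qemudLog. The helper bodies and both callers start outside these hunks, so any logging already done inside them is not visible here.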
@@ -441,13 +428,14 @@ iptRulesNew(const char *table,
 rules->rules = NULL;
 rules->nrules = 0;
-#ifdef IPTABLES_DIR
- if (virFileBuildPath(IPTABLES_DIR, table, NULL, rules->dir, sizeof(rules->dir)) < 0)
+#ifdef ENABLE_IPTABLES_LOKKIT
+ if (virFileBuildPath(LOCAL_STATE_DIR "/lib/libvirt/iptables", table, NULL,
+ rules->dir, sizeof(rules->dir)) < 0)
 goto error;
 if (virFileBuildPath(rules->dir, chain, ".chain", rules->path, sizeof(rules->path)) < 0)
 goto error;
-#endif /* IPTABLES_DIR */
+#endif /* ENABLE_IPTABLES_LOKKIT */
 return rules;
--
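Review bot: The state directory is now an unnamed string literal inside the virFileBuildPath call in iptRulesNew, `LOCAL_STATE_DIR "/lib/libvirt/iptables"`, with no comment saying what is stored there or who consumes it. The chain files written under it are handed to lokkit through notifyRulesUpdated, so the location is security-relevant and is expected to be writable only by the privileged daemon; that expectation should be written down. I would keep a named constant under `#ifdef ENABLE_IPTABLES_LOKKIT` near the top of the file, `#define IPTABLES_LOKKIT_DIR LOCAL_STATE_DIR "/lib/libvirt/iptables"` (name is a suggestion), preceded by `/* Chain files saved here are passed to lokkit; must not be writable by unprivileged users. */`. `table` and `chain` are joined into the path unchanged in the visible lines, which is fine only while callers pass fixed names; iptRulesNew starts and ends outside this hunk, so any validation there is not visible.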