[libvirt] [PATCH] nwfilter: add XML attribute to control match target

Daniel P. Berrange berrange at redhat.com
Fri Jun 11 14:53:31 UTC 2010


On Fri, Jun 11, 2010 at 10:41:50AM -0400, Stefan Berger wrote:
> This patch adds an optional XML attribute to a nwfilter rule to give the 
> user control over whether the rule is supposed to be using the match 
> target or not. A rule may now look as follows with the nomatch 
> attribute either having value '1' or 'true' (case-insensitive).
> 
> [...]
> <rule action='accept' direction='in' nomatch='true'>

Having inverted boolean flags is a little weird. Can't this
be written as match=false instead?

> <tcp srcmacaddr='1:2:3:4:5:6'
>            srcipaddr='10.1.2.3' srcipmask='32'
>            dscp='33'
>            srcportstart='20' srcportend='21'
>            dstportstart='100' dstportend='1111'/>
> </rule>
> [...]
> 
> I am also extending the nwfilter schema and adding this attribute to a test 
> case.

I'm not sure I really understand what this is doing. Can you give a
quick example of what the iptables command looks like, with and
without the nomatch attribute set?

Regards,
Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|



