[libvirt] [PATCH] nwfilter: also purge ip(6)tables rules before detecting IP address

Stefan Berger stefanb at linux.vnet.ibm.com
Tue Nov 16 12:29:01 UTC 2010


Rather than only cleaning any remaining ebtables rules, also clean those
applied to iptables and ip6tables when detecting the IP address of an
interface. Previously applied iptables rules may hinder DHCP packets.

Signed-off-by: Stefan Berger <stefanb at us.ibm.com>

---
  src/nwfilter/nwfilter_ebiptables_driver.c |    7 ++++---
  1 file changed, 4 insertions(+), 3 deletions(-)

Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -117,6 +117,7 @@ static int ebtablesRemoveBasicRules(cons
  static int ebiptablesDriverInit(void);
  static void ebiptablesDriverShutdown(void);
  static int ebtablesCleanAll(const char *ifname);
+static int ebiptablesAllTeardown(const char *ifname);

  static virMutex execCLIMutex;

@@ -2942,7 +2943,7 @@ ebtablesApplyBasicRules(const char *ifna

      virFormatMacAddr(macaddr, macaddr_str);

-    ebtablesCleanAll(ifname);
+    ebiptablesAllTeardown(ifname);

      ebtablesCreateTmpRootChain(&buf, 1, ifname, 1);
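Review bot: The `int` result of `ebiptablesAllTeardown(ifname)` is discarded here, and in the same way in the ebtablesApplyDHCPOnlyRules and ebtablesApplyDropAllRules hunks. If purging the stale ip(6)tables rules fails, the function still goes on to build its ebtables chains, so the DHCP packets this commit wants to let through may remain blocked with nothing logged to explain why. The return convention of ebiptablesAllTeardown is not visible in this patch, so either check and log the result or state the intent at the call, e.g. `/* best effort: stale ip(6)tables rules may remain if this fails */`. All three function bodies extend outside their hunks.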

@@ -3041,7 +3042,7 @@ ebtablesApplyDHCPOnlyRules(const char *i

      virFormatMacAddr(macaddr, macaddr_str);

-    ebtablesCleanAll(ifname);
+    ebiptablesAllTeardown(ifname);

      ebtablesCreateTmpRootChain(&buf, 1, ifname, 1);
      ebtablesCreateTmpRootChain(&buf, 0, ifname, 1);
@@ -3143,7 +3144,7 @@ ebtablesApplyDropAllRules(const char *if
          return 1;
      }

-    ebtablesCleanAll(ifname);
+    ebiptablesAllTeardown(ifname);

      ebtablesCreateTmpRootChain(&buf, 1, ifname, 1);
      ebtablesCreateTmpRootChain(&buf, 0, ifname, 1);
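Review bot: In ebtablesApplyDropAllRules the call now also removes the interface's iptables and ip6tables rules before the drop-all ebtables chains are created, and nothing in the hunk says why the fail-closed path needs that. The commit message motivates the wider purge only for IP address detection; whether this function is on that path cannot be seen from here. If a later step fails (the rest of the body is outside the hunk), the interface presumably ends up with fewer rules than before the call, so it is worth confirming that callers treat a non-zero return as "interface unfiltered". A comment above the call would record this, e.g. `/* purge all old rules first; on failure below the interface has no filtering, caller must handle */`.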



