[libvirt] [PATCH] nwfilter: cut off connections after changing filters

Eric Blake eblake at redhat.com
Wed Oct 13 22:01:54 UTC 2010


On 10/13/2010 11:53 AM, Stefan Berger wrote:
> did previously not cut off existing (ssh) connections but only prevented
> newly initiated ones. The attached patch allows to cut off existing
> connections as well, thus enforcing what the filter is showing.
>
>
> +
> +static void
> +iptablesEnforceDirection(int directionIn,
> + virNWFilterRuleDefPtr rule,
> + virBufferPtr buf)
> +{
> + if (rule->tt != VIR_NWFILTER_RULE_DIRECTION_INOUT)
> + virBufferVSprintf(buf, " -m conntrack --ctdir %s",
> + (directionIn) ? "Original"
> + : "Reply");
> +}
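Review bot: `iptablesEnforceDirection` has no comment saying what the added match means, and the mapping `directionIn -> "Original"`, `!directionIn -> "Reply"` is not obvious to a reader who does not know the conntrack `--ctdir` semantics; a one-line comment above the function stating that the `-m conntrack --ctdir` match restricts a non-INOUT rule to packets flowing in the connection's original or reply direction (which is what lets the rule affect already established connections, per the commit message) would help. Also, `directionIn` is declared `int` but only ever used as a boolean in the ternary; `bool` would make the intent clearer at the call sites.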

ACK.

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org



