[libvirt] [PATCH] nwfilter: report if ip(6)tables rules would not be effective

Eric Blake eblake at redhat.com
Fri Sep 24 16:01:37 UTC 2010


On 09/23/2010 09:53 AM, Stefan Berger wrote:
> The patch below reports a warning in the log if the generated
> ip(6)tables rules would not be effective due to the proc filesystem entries
>
> /proc/sys/net/bridge/bridge-nf-call-iptables
> /proc/sys/net/bridge/bridge-nf-call-ip6tables
>
> containing a '0'. The warning tells the user what to do. I am
> rate-limiting the warning message to appear only every 10 seconds.

ACK; looks like a reasonable way to warn about the issue, leaving the 
resolution in the user's hands to either update the kernel state or 
rewrite their nwfilter rules to not rely on iptables.

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
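
The check described in this thread, as an added example that is not the patch under review and not libvirt code: read each proc entry, and if it holds 0, emit a warning no more often than every 10 seconds. The function names, the warning text and the choice to stay silent when an entry cannot be read are assumptions made for illustration.

```c
/* Added example, not libvirt code: names and message text are hypothetical. */
#include <stdio.h>
#include <time.h>

#define WARN_INTERVAL 10 /* seconds between warnings, as stated in the thread */

/* Returns 1 if the entry holds a non-zero value, 0 if it holds 0, and
 * -1 if it cannot be read or parsed (e.g. bridge module not loaded). */
static int bridge_nf_state(const char *path)
{
    FILE *fp = fopen(path, "r");
    int val, ok;

    if (!fp)
        return -1;
    ok = fscanf(fp, "%d", &val) == 1;
    fclose(fp);
    return ok ? (val != 0) : -1;
}

/* Rate limiter: returns 1 and records 'now' if no warning was issued yet
 * (*last == 0) or at least WARN_INTERVAL seconds have passed since. */
static int warn_allowed(time_t now, time_t *last)
{
    if (*last != 0 && now - *last < WARN_INTERVAL)
        return 0;
    *last = now;
    return 1;
}

/* Returns 1 if a warning was emitted for this entry, 0 otherwise.
 * Assumption: an unreadable entry (-1) produces no warning. */
static int check_entry(const char *path, const char *tool,
                       time_t now, time_t *last)
{
    if (bridge_nf_state(path) != 0 || !warn_allowed(now, last))
        return 0;
    fprintf(stderr, "warning: %s rules will not filter bridged traffic; "
            "to enable them run: echo 1 > %s\n", tool, path);
    return 1;
}

int main(void)
{
    static time_t last4, last6; /* one rate-limit clock per entry */
    time_t now = time(NULL);

    check_entry("/proc/sys/net/bridge/bridge-nf-call-iptables",
                "iptables", now, &last4);
    check_entry("/proc/sys/net/bridge/bridge-nf-call-ip6tables",
                "ip6tables", now, &last6);
    return 0;
}
```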



