[libvirt] [PATCH] nwfilter: enable rejection of packets

Laine Stump laine at laine.org
Fri Feb 18 16:48:13 UTC 2011


On 02/18/2011 09:56 AM, Stefan Berger wrote:
> This patch adds the possibility to not just drop packets, but to also 
> have them rejected where iptables at least sends an ICMP msg back to 
> the originator. On ebtables this again maps into dropping packets 
> since rejecting is not supported.
>
> I am adding 'since 0.8.9' to the docs assuming this will be the next 
> version of libvirt.
>
> Signed-off-by: Stefan Berger <stefanb at us.ibm.com>
>
> ---
>  docs/formatnwfilter.html.in               |    8 +++++---
>  docs/schemas/nwfilter.rng                 |    1 +
>  src/conf/nwfilter_conf.c                  |    6 ++++--
>  src/conf/nwfilter_conf.h                  |    1 +
>  src/nwfilter/nwfilter_ebiptables_driver.c |   15 +++++++++++++--
>  5 files changed, 24 insertions(+), 7 deletions(-)

ACK. I haven't run it, but it all looks reasonable.




More information about the libvir-list mailing list