[libvirt] [PATCH] Add support for firewalld
Stefan Berger
stefanb at linux.vnet.ibm.com
Tue Apr 24 14:20:32 UTC 2012
On 04/23/2012 05:11 PM, Thomas Woerner wrote:
> Add support for firewalld
>
> * bridge_driver, nwfilter_driver: new dbus filters to get FirewallD1.Reloaded
> signal and DBus.NameOwnerChanged on org.fedoraproject.FirewallD1
> * iptables, ebtables, nwfilter_ebiptables_driver: use firewall-cmd direct
> passthrough interface
After some more massaging of the nwfilter code, my suggestion would now
be to split this patch up into two parts, one touching the nwfilter
driver, the other (1st) part for the rest. I did a lot of changes in the
nwfilter driver that I can send you and you may want to merge or I can
merge it with your nwfilter-related code changes.
It seems to be working when using the firewall-cmd, but unfortunately
running the TCK test suite for example is like 8 times slower when using
firewalld. Also the VM startup times have significantly increased. :-((
Is this scheduled to be included in the next libvirt release ? I guess
architecturally it also is needed for FC 17, so is the plan then to
include the latest version of libvirt with firewalld support in FC17?
Stefan
More information about the libvir-list
mailing list