[libvirt] [PATCH] bugfix: ip6tables rule removal
Eric Blake
eblake at redhat.com
Tue Oct 30 22:08:06 UTC 2012
On 10/30/2012 03:18 PM, Gene Czarcinski wrote:
> Three FORWARD chain rules are added and two INPUT chain rules
> are added when a network is started but only the FORWARD chain
> rules are removed when the network is destroyed.
> ---
> src/network/bridge_driver.c | 2 ++
> 1 file changed, 2 insertions(+)
ACK and pushed.
>
> diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
> index f814f6f..3dbf009 100644
> --- a/src/network/bridge_driver.c
> +++ b/src/network/bridge_driver.c
> @@ -1578,6 +1578,8 @@ networkRemoveGeneralIp6tablesRules(struct network_driver *driver,
> if (!virNetworkDefGetIpByIndex(network->def, AF_INET6, 0))
> return;
>
> + iptablesRemoveUdpInput(driver->iptables, AF_INET6, network->def->bridge, 53);
> + iptablesRemoveTcpInput(driver->iptables, AF_INET6, network->def->bridge, 53);
> iptablesRemoveForwardAllowCross(driver->iptables, AF_INET6, network->def->bridge);
> iptablesRemoveForwardRejectIn(driver->iptables, AF_INET6, network->def->bridge);
> iptablesRemoveForwardRejectOut(driver->iptables, AF_INET6, network->def->bridge);
>
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 617 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20121030/67482987/attachment-0001.sig>
More information about the libvir-list
mailing list