[libvirt] [PATCH 00/26] Rewrite firewall code to use formal API
Stefan Berger
stefanb at linux.vnet.ibm.com
Tue Apr 15 11:40:41 UTC 2014
On 04/15/2014 04:29 AM, Daniel P. Berrange wrote:
> On Mon, Apr 14, 2014 at 04:47:50PM -0400, Stefan Berger wrote:
>> On 04/08/2014 11:37 AM, Daniel P. Berrange wrote:
>>> Currently we have three places which interact with the firewall
>>>
>>> - util/virebtables - simple MAC filtering used by QEMU driver
>>> - util/viriptables - used by network driver
>>> - nwfilter - general purpose guest filtering
>> Oh my, so much work! -- Thanks
>>
>> I'll review as much as I can.
> Thanks, I appreciate any review you can do particularly of the big
> nwfilter patches, since you're main expert in that area.
Some of the patches are so involved that besides looking at them I'll
mostly have to rely on the TCK tests to see whether they still pass. The
TCK tests unfortunately also need updating due to recent changes in the
code (elimination of the source MAC tests in recent patches) as well as
different output by the ip6tables command related to IPv6 addresses.
Regards,
Stefan
More information about the libvir-list
mailing list