[libvirt] [PATCH 15/26] Convert ebtables code over to use firewall APIs
Stefan Berger
stefanb at linux.vnet.ibm.com
Tue Apr 15 22:15:03 UTC 2014
On 04/08/2014 11:38 AM, Daniel P. Berrange wrote:
> Convert the virebtables.{c,h} files to use the new virFirewall
> APIs for changing ebtables rules.
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
>
> /**
> * ebtablesContextNew:
> *
> @@ -216,12 +89,30 @@ ebtablesContextFree(ebtablesContext *ctx)
> int
> ebtablesAddForwardPolicyReject(ebtablesContext *ctx)
> {
> - ebtablesAddRemoveRule("--new-chain", ctx->chain, NULL,
> - NULL);
> - ebtablesAddRemoveRule("--insert", "FORWARD", "--jump",
> - ctx->chain, NULL);
> - return ebtablesAddRemoveRule("-P", ctx->chain, "DROP",
> - NULL);
> + virFirewallPtr fw = NULL;
> + int ret = -1;
> +
> + fw = virFirewallNew();
> + virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
Ignoring errors because the ebtablesAdd* calls above ignored them as
well... makes sense.
> + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
> + "--new-chain", ctx->chain,
> + NULL);
> + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
> + "--insert", "FORWARD",
> + "--jump", ctx->chain, NULL);
> +
> + virFirewallStartTransaction(fw, 0);
> + virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
> + "-P", ctx->chain, "DROP",
> + NULL);
> +
> + if (virFirewallApply(fw) < 0)
> + goto cleanup;
> +
> + ret = 0;
> + cleanup:
> + virFirewallFree(fw);
> + return ret;
> }
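Review bot: In the first transaction of ebtablesAddForwardPolicyReject(), VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS covers both the "--new-chain" rule and the "--insert FORWARD --jump" rule, so a failure to hook ctx->chain into FORWARD is ignored and the function can still return 0 once the "-P ... DROP" rule applies, leaving the DROP policy on a chain that FORWARD never jumps to. Ignoring errors from "--new-chain" matches what the removed ebtablesAddRemoveRule() calls did, but consider moving the "--insert" rule into the second, error-checked transaction, or at least add a comment above the first virFirewallStartTransaction() call naming which failures are expected there. Separately, the result of virFirewallNew() is passed on without a NULL check; if the virFirewall calls are meant to tolerate a NULL fw and report it from virFirewallApply(), a one-line comment saying so would help.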
ACK