[libvirt PATCH 0/2] network: force re-creation of iptables private chains on firewalld restart
Daniel P. Berrangé
berrange at redhat.com
Mon May 11 09:43:50 UTC 2020
On Thu, May 07, 2020 at 10:51:12PM -0400, Laine Stump wrote:
> Details are in the commit log of patch 2. Essentially, we've been
> careful to only create the iptables chains once per run, because it's
> very expensive, but when firewalld is restarted, it removes our
> chains, so we need to put them back.
>
> I think this may have been a problem as far back as libvirt 5.1.0,
> when we began putting our iptables rules into private chains.
>
>
> Laine Stump (2):
>   network: make it safe to call networkSetupPrivateChains() multiple
>     times
>   network: force re-creation of iptables private chains on firewalld
>     restart
>
>  src/network/bridge_driver.c          | 16 +++---
>  src/network/bridge_driver_linux.c    | 77 ++++++++++++++++++----------
>  src/network/bridge_driver_nop.c      |  3 +-
>  src/network/bridge_driver_platform.h |  2 +-
>  4 files changed, 62 insertions(+), 36 deletions(-)
Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|