[PATCH 0/8] run iptables directly rather than via firewalld

Laine Stump laine at redhat.com
Tue Nov 24 03:29:56 UTC 2020


The reasoning for this is explained in Patch 8/8.

Laine Stump (8):
  util: fix typo in VIR_MOCK_WRAP_RET_ARGS()
  util/tests: enable locking on iptables/ebtables commandlines in unit
    tests
  util/tests: enable locking on iptables/ebtables commandlines by
    default
  tests: fix iptables test case commandline options in virfirewalltest.c
  network: be more verbose about the reason for a firewall reload
  util: always check for ebtables/iptables binaries, even when using
    firewalld
  util: synchronize with firewalld before we start calling iptables
    directly
  util: call iptables directly rather than via firewalld

 src/libvirt_private.syms                      |   2 +-
 src/network/bridge_driver.c                   |  10 +-
 src/util/virfirewall.c                        | 155 +++---
 src/util/virfirewall.h                        |   2 +-
 src/util/viriptables.c                        |   7 +
 tests/networkxml2firewalldata/base.args       |  34 ++
 .../nat-default-linux.args                    |  19 +
 .../nat-ipv6-linux.args                       |  30 ++
 .../nat-ipv6-masquerade-linux.args            |  34 ++
 .../nat-many-ips-linux.args                   |  33 ++
 .../nat-no-dhcp-linux.args                    |  29 ++
 .../nat-tftp-linux.args                       |  21 +
 .../route-default-linux.args                  |  14 +
 tests/networkxml2firewalltest.c               |   2 -
 tests/nwfilterebiptablestest.c                | 466 +++++++++---------
 .../ah-ipv6-linux.args                        |   9 +
 tests/nwfilterxml2firewalldata/ah-linux.args  |   9 +
 .../all-ipv6-linux.args                       |   9 +
 tests/nwfilterxml2firewalldata/all-linux.args |   9 +
 tests/nwfilterxml2firewalldata/arp-linux.args |   5 +
 .../comment-linux.args                        |  19 +
 .../conntrack-linux.args                      |   7 +
 .../esp-ipv6-linux.args                       |   9 +
 tests/nwfilterxml2firewalldata/esp-linux.args |   9 +
 .../example-1-linux.args                      |  12 +
 .../example-2-linux.args                      |  10 +
 .../hex-data-linux.args                       |  10 +
 .../icmp-direction-linux.args                 |   6 +
 .../icmp-direction2-linux.args                |   6 +
 .../icmp-direction3-linux.args                |   6 +
 .../nwfilterxml2firewalldata/icmp-linux.args  |   3 +
 .../icmpv6-linux.args                         |   4 +
 .../nwfilterxml2firewalldata/igmp-linux.args  |   9 +
 tests/nwfilterxml2firewalldata/ip-linux.args  |   3 +
 .../nwfilterxml2firewalldata/ipset-linux.args |  18 +
 .../ipt-no-macspoof-linux.args                |   2 +
 .../nwfilterxml2firewalldata/ipv6-linux.args  |  15 +
 .../nwfilterxml2firewalldata/iter1-linux.args |   9 +
 .../nwfilterxml2firewalldata/iter2-linux.args | 171 +++++++
 .../nwfilterxml2firewalldata/iter3-linux.args |  15 +
 tests/nwfilterxml2firewalldata/mac-linux.args |   4 +
 .../nwfilterxml2firewalldata/rarp-linux.args  |   6 +
 .../sctp-ipv6-linux.args                      |   9 +
 .../nwfilterxml2firewalldata/sctp-linux.args  |   9 +
 tests/nwfilterxml2firewalldata/stp-linux.args |  11 +
 .../target-linux.args                         |  33 ++
 .../target2-linux.args                        |  12 +
 .../tcp-ipv6-linux.args                       |   9 +
 tests/nwfilterxml2firewalldata/tcp-linux.args |  13 +
 .../udp-ipv6-linux.args                       |   9 +
 tests/nwfilterxml2firewalldata/udp-linux.args |   9 +
 .../udplite-ipv6-linux.args                   |   9 +
 .../udplite-linux.args                        |   9 +
 .../nwfilterxml2firewalldata/vlan-linux.args  |   7 +
 tests/nwfilterxml2firewalltest.c              | 146 +++---
 tests/virfirewalltest.c                       | 236 ++++-----
 56 files changed, 1259 insertions(+), 514 deletions(-)

-- 
2.28.0



