[PATCH 0/8] run iptables directly rather than via firewalld
Daniel Henrique Barboza
danielhb413 at gmail.com
Tue Nov 24 12:02:16 UTC 2020
On 11/24/20 12:29 AM, Laine Stump wrote:
> The reasoning for this is explained in Patch 8/8
>
> Laine Stump (8):
> util: fix typo in VIR_MOCK_WRAP_RET_ARGS()
> util/tests: enable locking on iptables/ebtables commandlines in unit
> tests
> util/tests: enable locking on iptables/ebtables commandlines by
> default
> tests: fix iptables test case commandline options in virfirewalltest.c
> network: be more verbose about the reason for a firewall reload
> util: always check for ebtables/iptables binaries, even when using
> firewalld
> util: synchronize with firewalld before we start calling iptables
> directly
> util: call iptables directly rather than via firewalld
Series LGTM:
Reviewed-by: Daniel Henrique Barboza <danielhb413 at gmail.com>
>
> src/libvirt_private.syms | 2 +-
> src/network/bridge_driver.c | 10 +-
> src/util/virfirewall.c | 155 +++---
> src/util/virfirewall.h | 2 +-
> src/util/viriptables.c | 7 +
> tests/networkxml2firewalldata/base.args | 34 ++
> .../nat-default-linux.args | 19 +
> .../nat-ipv6-linux.args | 30 ++
> .../nat-ipv6-masquerade-linux.args | 34 ++
> .../nat-many-ips-linux.args | 33 ++
> .../nat-no-dhcp-linux.args | 29 ++
> .../nat-tftp-linux.args | 21 +
> .../route-default-linux.args | 14 +
> tests/networkxml2firewalltest.c | 2 -
> tests/nwfilterebiptablestest.c | 466 +++++++++---------
> .../ah-ipv6-linux.args | 9 +
> tests/nwfilterxml2firewalldata/ah-linux.args | 9 +
> .../all-ipv6-linux.args | 9 +
> tests/nwfilterxml2firewalldata/all-linux.args | 9 +
> tests/nwfilterxml2firewalldata/arp-linux.args | 5 +
> .../comment-linux.args | 19 +
> .../conntrack-linux.args | 7 +
> .../esp-ipv6-linux.args | 9 +
> tests/nwfilterxml2firewalldata/esp-linux.args | 9 +
> .../example-1-linux.args | 12 +
> .../example-2-linux.args | 10 +
> .../hex-data-linux.args | 10 +
> .../icmp-direction-linux.args | 6 +
> .../icmp-direction2-linux.args | 6 +
> .../icmp-direction3-linux.args | 6 +
> .../nwfilterxml2firewalldata/icmp-linux.args | 3 +
> .../icmpv6-linux.args | 4 +
> .../nwfilterxml2firewalldata/igmp-linux.args | 9 +
> tests/nwfilterxml2firewalldata/ip-linux.args | 3 +
> .../nwfilterxml2firewalldata/ipset-linux.args | 18 +
> .../ipt-no-macspoof-linux.args | 2 +
> .../nwfilterxml2firewalldata/ipv6-linux.args | 15 +
> .../nwfilterxml2firewalldata/iter1-linux.args | 9 +
> .../nwfilterxml2firewalldata/iter2-linux.args | 171 +++++++
> .../nwfilterxml2firewalldata/iter3-linux.args | 15 +
> tests/nwfilterxml2firewalldata/mac-linux.args | 4 +
> .../nwfilterxml2firewalldata/rarp-linux.args | 6 +
> .../sctp-ipv6-linux.args | 9 +
> .../nwfilterxml2firewalldata/sctp-linux.args | 9 +
> tests/nwfilterxml2firewalldata/stp-linux.args | 11 +
> .../target-linux.args | 33 ++
> .../target2-linux.args | 12 +
> .../tcp-ipv6-linux.args | 9 +
> tests/nwfilterxml2firewalldata/tcp-linux.args | 13 +
> .../udp-ipv6-linux.args | 9 +
> tests/nwfilterxml2firewalldata/udp-linux.args | 9 +
> .../udplite-ipv6-linux.args | 9 +
> .../udplite-linux.args | 9 +
> .../nwfilterxml2firewalldata/vlan-linux.args | 7 +
> tests/nwfilterxml2firewalltest.c | 146 +++---
> tests/virfirewalltest.c | 236 ++++-----
> 56 files changed, 1259 insertions(+), 514 deletions(-)
>
More information about the libvir-list
mailing list