[PATCH 3/3] doc: document new filters and not documented ones

Aleksandr Alekseev alexander.alekseev at virtuozzo.com
Thu Oct 22 18:15:52 UTC 2020

Signed-off-by: Aleksandr Alekseev <alexander.alekseev at virtuozzo.com>
 docs/firewall.html.in       |  9 ++++++++
 docs/formatnwfilter.html.in | 41 ++++++++++++++++++++++++++++++++++---
 2 files changed, 47 insertions(+), 3 deletions(-)

diff --git a/docs/firewall.html.in b/docs/firewall.html.in
index 62f37e0eea..15b4f397be 100644
--- a/docs/firewall.html.in
+++ b/docs/firewall.html.in
@@ -283,12 +283,21 @@ UUID                                  Name
 15b1ab2b-b1ac-1be2-ed49-2042caba4abb  allow-arp
 6c51a466-8d14-6d11-46b0-68b1a883d00f  allow-dhcp
 7517ad6c-bd90-37c8-26c9-4eabcb69848d  allow-dhcp-server
+7680776c-77aa-496f-90d6-13097664b925  allow-dhcpv6
+9cdaad60-7631-4172-8ccb-ef774be7485b  allow-dhcpv6-server
 3d38b406-7cf0-8335-f5ff-4b9add35f288  allow-incoming-ipv4
+908543c1-902e-45f6-a6ca-1a0ad35e7599  allow-incoming-ipv6
 5ff06320-9228-2899-3db0-e32554933415  allow-ipv4
+ce8904cc-ad3a-4454-896c-53452882f817  allow-ipv6
 db0b1767-d62b-269b-ea96-0cc8b451144e  clean-traffic
+6d6ddcc8-1242-4c43-ac63-63af80493132  clean-traffic-gateway
+4cf38077-c7d5-4e25-99bb-6c4c9efad294  no-arp-ip-spoofing
+0b11a636-ce58-497f-be90-17f63c92487a  no-arp-mac-spoofing
 f88f1932-debf-4aa1-9fbe-f10d3aa4bc95  no-arp-spoofing
 772f112d-52e4-700c-0250-e178a3d91a7a  no-ip-multicast
 7ee20370-8106-765d-f7ff-8a60d5aaf30b  no-ip-spoofing
+f8a51c43-a08f-49b3-b9e2-393d54522dc0  no-ipv6-multicast
+a7f0afe9-a428-44b8-8566-c8ee2a669271  no-ipv6-spoofing
 d5d3c490-c2eb-68b1-24fc-3ee362fc8af3  no-mac-broadcast
 fb57c546-76dc-a372-513f-e8179011b48a  no-mac-spoofing
 dba10ea7-446d-76de-346f-335bd99c1d05  no-other-l2-traffic
diff --git a/docs/formatnwfilter.html.in b/docs/formatnwfilter.html.in
index 796c16549d..04aeda06ec 100644
--- a/docs/formatnwfilter.html.in
+++ b/docs/formatnwfilter.html.in
@@ -467,8 +467,7 @@ DSTPORTS = [ 80, 8080 ]
          <td> IPV6 </td>
-         <td> Not currently implemented:
-              the list of IPV6 addresses in use by an interface </td>
+         <td> The list of IPV6 addresses in use by an interface </td>
          <td> DHCPSERVER </td>
@@ -2011,11 +2010,35 @@ echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
               only allows ARP request and reply messages and enforces
               that those packets contain the MAC and IP addresses
               of the VM.</td>
+      </tr>
+       <tr>
+         <td> allow-arp </td>
+         <td> Allow ARP traffic in both directions</td>
+      </tr>
+       <tr>
+         <td> allow-ipv4 </td>
+         <td> Allow IPv4 traffic in both directions</td>
+      </tr>
+       <tr>
+         <td> allow-ipv6 </td>
+         <td> Allow IPv6 traffic in both directions</td>
+      </tr>
+       <tr>
+         <td> allow-incoming-ipv4 </td>
+         <td> Allow incoming IPv4 traffic</td>
+      </tr>
+       <tr>
+         <td> allow-incoming-ipv6 </td>
+         <td> Allow incoming IPv6 traffic</td>
          <td> allow-dhcp </td>
          <td> Allow a VM to request an IP address via DHCP (from any
               DHCP server)</td>
+      </tr>
+       <tr>
+         <td> allow-dhcpv6 </td>
+         <td> Similar to allow-dhcp, but for DHCPv6 </td>
          <td> allow-dhcp-server </td>
@@ -2023,16 +2046,28 @@ echo 3 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout
               DHCP server. The dotted decimal IP address of the DHCP
               server must be provided in a reference to this filter.
               The name of the variable must be <i>DHCPSERVER</i>.</td>
+      </tr>
+       <tr>
+         <td> allow-dhcpv6-server </td>
+         <td> Similar to allow-dhcp-server, but for DHCPv6 </td>
          <td> no-ip-spoofing </td>
-         <td> Prevent a VM from sending of IP packets with
+         <td> Prevent a VM from sending of IPv4 packets with
               a source IP address different from the one
               in the packet. </td>
+      </tr>
+       <tr>
+         <td> no-ipv6-spoofing </td>
+         <td> Similar to no-ip-spoofing, but for IPv6 </td>
          <td> no-ip-multicast </td>
          <td> Prevent a VM from sending IP multicast packets. </td>
+      </tr>
+       <tr>
+         <td> no-ipv6-multicast </td>
+         <td> Similar to no-ip-multicast, but for IPv6 </td>
          <td> clean-traffic </td>

More information about the libvir-list mailing list