Re: [libvirt] [PATCH] nwfilter: report if ip(6)tables rules would not be effective

On 09/23/2010 09:53 AM, Stefan Berger wrote: > The patch below reports a warning in the log if the generated > ip(6)tables rules would not be effective due to the proc filesystem > entries > > /proc/sys/net/bridge/bridge-nf-call-iptables > /proc/sys/net/bridge/bridge-nf-call-ip6tables > > containing a '0'. The warning tells the user what to do. I am > rate-limiting the warning message to appear only every 10 seconds. ACK; looks like a reasonable way to warn about the issue, leaving the resolution in the user's hands to either update the kernel state or rewrite their nwfilter rules to not rely on iptables.