Re: [libvirt] [PATCH] * configura.ac, spec file: firewalld now defaults to enabled, depends on dbus * fixed comment for with_firewalld define * bridge_driver, nwfilter_driver: new dbus filters to get FirewallD1.Reloaded signal and DBus.NameOwnerChanged on org.fedoraproject.FirewallD1 * iptables, ebtables, nwfilter_ebiptables_driver: use firewall-cmd direct passthrough interface * spec file changed as requested

On 08/13/2012 03:23 PM, Thomas Woerner wrote: ... Thomas, Sorry, I was on a (very long and involved) surprise phone call when you pinged me on IRC, so our discussion was abruptly cut short, and you were already offline by the time I got back to it. My opinion is that it makes sense if with_firewalld is enabled at compile time by default if with_dbus is also true. As long as an error would be generated if --with-firewalld is given in the configure commandline and dbus wasn't found (so if nothing is requested, give it if with_dbus is true, if --without-firewalld is given, don't include it no matter what, and if --with-firewalld is given and with_dbus isn't true, then generate an error. We can then decide at runtime whether or not to actually use the commands. You had mentioned on IRC the possibility of firewalld starting up after libvirt, or shutting down while libvirt is still running. The issue I see with that is that libvirt always cleans up after its iptables rules - if you destroy a libvirt network, it removes all the iptables rules. Likewise, when libvirtd is restarted, every rule for every network is deleted and re-added. What will happen if a network is started when firewalld isn't running, and then shutdown after firewalld is started? (i.e. rules were added with iptables) What about the opposite situation? And of course what about the situation where some of the networks have rules added by iptables, and some have rules added by firewalld, and we then want to restart libvirtd (delete / add all rules for all networks)?