Re: [libvirt] [PATCH] nwfilter: enable rejection of packets

On 02/18/2011 09:56 AM, Stefan Berger wrote: > This patch adds the possibility to not just drop packets, but to also > have them rejected where iptables at least sends an ICMP msg back to > the originator. On ebtables this again maps into dropping packets > since rejecting is not supported. > > I am adding 'since 0.8.9' to the docs assuming this will be the next > version of libvirt. > > Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com&gt; > > --- > docs/formatnwfilter.html.in | 8 +++++--- > docs/schemas/nwfilter.rng | 1 + > src/conf/nwfilter_conf.c | 6 ++++-- > src/conf/nwfilter_conf.h | 1 + > src/nwfilter/nwfilter_ebiptables_driver.c | 15 +++++++++++++-- > 5 files changed, 24 insertions(+), 7 deletions(-) ACK. I haven't run it, but it all looks reasonable.