On 11/27/2013 11:03 AM, Laine Stump wrote:
This patch resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1035336
The basic problem is that during a network update, the required
iptables rules sometimes change, and this was being handled by simply
removing and re-adding the rules. However, the removal of the old
rules was done based on the *new* state of the network, which would
mean that some of the rules would not match those currently in the
system, so the old rules wouldn't be removed.
This patch removes the old rules prior to updating the network
definitionm then adds the new rules as soon as the definition is
s/definitionm/definition/
updated. Note that this could lead to a stray packet or two during the
interim, but that was already a problem before (the period of limbo is
now just slightly longer).
While moving the location for the rules, I added a few more sections that should result
in the iptables rules being redone:
Line wrap
ACK. Worth having in 1.2.0
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org
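
The ordering problem described in the quoted commit message, as an added example that is not part of the original mail and is not libvirt code: a simplified model in which the firewall is a set of rule strings derived from a network definition. The rule strings, the definition fields and all function names are constructed for illustration.

```python
# Simplified model, not libvirt code: the firewall is a set of rule strings and
# rules_for() derives the rules that a given network definition requires.

def rules_for(net):
    """Return the (constructed) rule strings a network definition needs."""
    rules = {f"-A INPUT -i {net['bridge']} -p udp --dport 67 -j ACCEPT"}
    if net["forward"] == "nat":
        rules.add(f"-t nat -A POSTROUTING -s {net['subnet']} -j MASQUERADE")
    if net["forward"] in ("nat", "route"):
        rules.add(f"-A FORWARD -s {net['subnet']} -i {net['bridge']} -j ACCEPT")
    return rules

def update_old_order(firewall, state, new_def):
    """Definition is replaced first, so removal is computed from the NEW state."""
    state["def"] = new_def
    firewall.difference_update(rules_for(state["def"]))  # misses old-only rules
    firewall.update(rules_for(state["def"]))

def update_new_order(firewall, state, new_def):
    """Remove rules from the OLD definition, then update, then add new rules."""
    firewall.difference_update(rules_for(state["def"]))
    state["def"] = new_def
    firewall.update(rules_for(state["def"]))

def stale_rules(update):
    """Run one update and return rules left over that the new definition does not need."""
    # Constructed sample definitions using documentation address ranges.
    old = {"bridge": "virbr1", "forward": "nat", "subnet": "192.0.2.0/24"}
    new = {"bridge": "virbr1", "forward": "nat", "subnet": "198.51.100.0/24"}
    state = {"def": old}
    firewall = set(rules_for(old))
    update(firewall, state, new)
    return firewall - rules_for(new)

if __name__ == "__main__":
    for update in (update_old_order, update_new_order):
        leftover = sorted(stale_rules(update))
        print(f"{update.__name__}: {len(leftover)} stale rule(s)")
        for rule in leftover:
            print("   ", rule)
```

In this model the stale entries are the forwarding and masquerading rules for the old subnet, which stay in place after the definition no longer mentions it.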