--with-iptables-prefix was added to integrate with
a proposed system for letting iptables know how to
reload our rules.
The idea was that we'd add our rules to a chain
like libvirt-INPUT rather than INPUT, and there'd
be a configuration file which would specify whether
INPUT should include libvirt-INPUT.
The proposed system wasn't accepted so, although
there might be some other theoretical use for this,
let's just remove it.
Signed-off-by: Mark McLoughlin <markmc(a)redhat.com>
Index: libvirt/configure.in
===================================================================
--- libvirt.orig/configure.in 2008-01-04 14:51:29.000000000 +0000
+++ libvirt.orig/configure.in 2008-01-04 14:51:29.000000000 +0000
@@ -183,16 +183,6 @@ AM_CONDITIONAL(LIBVIRT_INIT_SCRIPTS_RED_
AC_MSG_RESULT($with_init_scripts)
dnl
-dnl allow the creation of iptables rules in chains with a
-dnl specific prefix rather than in the standard toplevel chains
-dnl
-AC_ARG_WITH(iptables-prefix,
- AC_HELP_STRING([--with-iptables-prefix=prefix],
- [prefix used for iptables chains, default is to use standard
toplevel chains]),
- [IPTABLES_PREFIX=$withval])
-AC_DEFINE_UNQUOTED(IPTABLES_PREFIX, "$IPTABLES_PREFIX", [prefix used for
iptables chains])
-
-dnl
dnl also support saving the various chains to files
dnl in e.g. /etc/sysconfig/iptables.d
dnl
Index: libvirt/src/iptables.c
===================================================================
--- libvirt.orig/src/iptables.c 2008-01-04 15:17:18.000000000 +0000
+++ libvirt.orig/src/iptables.c 2008-01-04 15:17:18.000000000 +0000
@@ -636,13 +636,13 @@ iptablesContextNew(void)
if (!(ctx = calloc(1, sizeof (*ctx))))
return NULL;
- if (!(ctx->input_filter = iptRulesNew("filter", IPTABLES_PREFIX
"INPUT")))
+ if (!(ctx->input_filter = iptRulesNew("filter", "INPUT")))
goto error;
- if (!(ctx->forward_filter = iptRulesNew("filter", IPTABLES_PREFIX
"FORWARD")))
+ if (!(ctx->forward_filter = iptRulesNew("filter",
"FORWARD")))
goto error;
- if (!(ctx->nat_postrouting = iptRulesNew("nat", IPTABLES_PREFIX
"POSTROUTING")))
+ if (!(ctx->nat_postrouting = iptRulesNew("nat",
"POSTROUTING")))
goto error;
return ctx;
--
Show replies by date