On 10/19/2011 01:51 AM, Daniel P. Berrange wrote:
On Tue, Oct 18, 2011 at 12:55:25PM -0700, David L Stevens wrote:
This patch adds support for "continue" and "return" actions in filter rules.
Signed-off-by: David L Stevens<dlstevens@us.ibm.com>
ACK
Though it'd be good to update docs/nwfilter.html.in too to mention this
I'm squashing in this, so they are at least documented, but I didn't know how to work them into an example, so further content updates from you would be helpful. I also added you to AUTHORS; let me know if any spelling updates are needed. diff --git i/docs/formatnwfilter.html.in w/docs/formatnwfilter.html.in index 8df4a93..5e9daea 100644 --- i/docs/formatnwfilter.html.in +++ w/docs/formatnwfilter.html.in @@ -258,11 +258,19 @@ </p> <ul> <li> - action -- mandatory; must either be <code>drop</code>, - <code>reject</code><span class="since">(since 0.9.0)</span>, - or <code>accept</code> if - the evaluation of the filtering rule is supposed to drop, - reject (using ICMP message), or accept a packet + action -- mandatory; must either be <code>drop</code> + (matching the rule silently discards the packet with no + further analysis), + <code>reject</code> (matching the rule generates an ICMP + reject message with no further analysis) <span class="since">(since + 0.9.0)</span>, <code>accept</code> (matching the rule accepts + the packet with no further analysis), <code>return</code> + (matching the rule passes this filter, but returns control to + the calling filter for further + analysis) <span class="since">(since 0.9.7)</span>, + or <code>continue<code> (matching the rule goes on to the next + rule for further analysis) <span class="since">(since + 0.9.7)</span>. </li> <li> direction -- mandatory; must either be <code>in</code>, <code>out</code> or -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org