Op 17-1-2013 19:33, Eric Blake schreef:
On 01/17/2013 04:24 AM, Reinier Schoof wrote:
--- src/nwfilter/nwfilter_ebiptables_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c index 4fec52d..db2276c 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c @@ -166,7 +166,7 @@ static const char ebiptables_script_set_ifs[] = snprintf(buf, sizeof(buf), "%c%c-%s", prefix[0], prefix[1], ifname)
#define PHYSDEV_IN "--physdev-in" -#define PHYSDEV_OUT "--physdev-out" +#define PHYSDEV_OUT "--physdev-is-bridged --physdev-out"
Stefan ACKd in the other thread, so I've gone ahead and pushed this, after amending the commit message to include details from the other thread.
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Thanks for committing the patch! On a side note, please be aware that when upgrading to a libvirt version with this patch included, libvirt will not be able to remove the earlier ip(6)tables rules without the '--physdev-is-bridged' addition. When restarting libvirt, it will look for rules that match with '--physdev-is-bridged' and since that wasn't there before, you'll end up with a duplicate/malfunctioning ruleset. You'll have to remove these rules/chains manually. -- TransIP BV | https://www.transip.nl/