Re: [libvirt] [PATCH] fixed xt_physdev warning when defining ip(6)tables rules
Op 17-1-2013 19:33, Eric Blake schreef:
On 01/17/2013 04:24 AM, Reinier Schoof wrote:
> ---
> src/nwfilter/nwfilter_ebiptables_driver.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c
b/src/nwfilter/nwfilter_ebiptables_driver.c
> index 4fec52d..db2276c 100644
> --- a/src/nwfilter/nwfilter_ebiptables_driver.c
> +++ b/src/nwfilter/nwfilter_ebiptables_driver.c
> @@ -166,7 +166,7 @@ static const char ebiptables_script_set_ifs[] =
> snprintf(buf, sizeof(buf), "%c%c-%s", prefix[0], prefix[1], ifname)
>
> #define PHYSDEV_IN "--physdev-in"
> -#define PHYSDEV_OUT "--physdev-out"
> +#define PHYSDEV_OUT "--physdev-is-bridged --physdev-out"
Stefan ACKd in the other thread, so I've gone ahead and pushed this,
after amending the commit message to include details from the other thread.
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Thanks for committing the patch!
On a side note, please be aware that when upgrading to a libvirt version
with this patch included, libvirt will not be able to remove the earlier
ip(6)tables rules without the '--physdev-is-bridged' addition. When
restarting libvirt, it will look for rules that match with
'--physdev-is-bridged' and since that wasn't there before, you'll end up
with a duplicate/malfunctioning ruleset. You'll have to remove these
rules/chains manually.
--
TransIP BV | https://www.transip.nl/