Re: [libvirt] [RFC PATCHv2 4/9] make default chain policy "DROP"

Wednesday, 5 October 2011

On Wed, Oct 05, 2011 at 09:04:11AM -0700, David Stevens wrote:
...
 "Daniel P. Berrange" <berrange(a)redhat.com&gt; wrote on
10/05/2011 08:43:45 
 AM:

 > This sounds like it is introducing a backwards compatibility problem
 > wrt older libvirt deployments using NW Filters.

 I don't think so. Again, only if someone has modified a standard
 filter would they have to make those same modifications to the
 new set. The default value wouldn't need to change, but they are
 all ending with "-j DROP" otherwise. 
What if they have created their own custom filters and written their
filter on the assumption that the default policy was ACCEPT ? Surely
this change will break their filter ?

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [libvirt] [RFC PATCHv2 4/9] make default chain policy "DROP"