On Tue, Apr 30, 2024 at 01:44:04PM -0400, Laine Stump wrote:
If the VIR_FIREWALL_TRANSACTION_AUTO_ROLLBACK flag is set, each time an iptables command is executed that is adding a rule or chain, a corresponding command that will *delete* the same rule/chain is constructed and added to the list of rollback commands. If we later want to undo the entire firewall, we can just run those commands.
This isn't yet used anywhere, since VIR_FIREWALL_TRANSACTION_AUTO_ROLLBACK isn't being set.
Signed-off-by: Laine Stump <laine@redhat.com> --- src/util/virfirewall.c | 55 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 48 insertions(+), 7 deletions(-)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|