[PATCH] news: document fixed nwfilter driver base chain creation

From: Daniel P. Berrangé <berrange(a)redhat.com&gt; Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com&gt; --- NEWS.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index e5e8626729..c7bfac1db4 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -48,6 +48,14 @@ v11.6.0 (unreleased) * **Bug fixes** + * The nwfilter driver no longer recreates the base iptable/ip6tables chains + + The nwfilter driver had a impl mistake causing it to recreate the + base chains for iptables/ip6tables every time a VM was started. + This allowed a small window where traffic might not be fully + filtered. It now handles iptables/ip6tables the same way as + ebtables, creating the base chains only if they did not already + exist. v11.5.0 (2025-07-01) ==================== -- 2.50.1