Details are in the commit log of patch 2. Essentially, we've been
careful to only create the iptables chains once per run, because it's
very expensive, but when firewalld is restarted, it removes our
chains, so we need to put them back.

I think this may have been a problem as far back as libvirt 5.1.0,
when we began putting our iptables rules into private chains.

Laine Stump (2):
  network: make it safe to call networkSetupPrivateChains() multiple
    times
  network: force re-creation of iptables private chains on firewalld
    restart

 src/network/bridge_driver.c          | 16 +++---
 src/network/bridge_driver_linux.c    | 77 ++++++++++++++++++----------
 src/network/bridge_driver_nop.c      |  3 +-
 src/network/bridge_driver_platform.h |  2 +-
 4 files changed, 62 insertions(+), 36 deletions(-)

--
2.25.4