Re: [libvirt] [PATCH] util: refactor iptables command construction into multiple steps

Instead of creating an iptables command in one shot, do it in steps so we can add conditional options like physdev and protocol. This removes code duplication while keeping existing behaviour. Signed-off-by: Natanael Copa <ncopa(a)alpinelinux.org&gt; --- This started with me wanting to add support for setting the public ip source address when network mode='nat' and there are multiple public ip addresses on the external interface. On IRC we talked about adding an option in the xml like this: <network> <forward mode='nat' publicaddr='n.n.n.n'/> </network> Which would make iptables use '-j SNAT --to-source n.n.n.n' instead of '-j MASQUERADE'.