
On Thu, Jun 13, 2024 at 05:33:43PM +0100, Daniel P. Berrangé wrote:
On Wed, Jun 12, 2024 at 07:31:51PM -0400, Laine Stump wrote:
On 6/12/24 2:32 PM, Roman Bogorodskiy wrote:
Unfortunately, I don't have access to that setup anymore and I haven't re-created it yet. IIRC, it could probably show some warnings about missing iptables, but it didn't affect anything for me.
I'm surprised that there wasn't a fatal error while starting the network though.
Having actually looked at the code again, the answer is amusingly/depressingly obvious... we already implemented a NULL firewall driver, which is used on non-Linux, many years ago:
See bridge_driver_platform.c, which does:
  #if defined(__linux__)
  # include "bridge_driver_linux.c"
  #else
  # include "bridge_driver_nop.c"
  #endif
The bridge_driver_nop.c simply does nothing and returns success for everything. So all the different virtual network modes "work" in so much as libvirt can start them, but they don't work in the sense that we're never creating the firewall rules to implement NAT, etc.
So the root cause here is that our "firewall_backend" config logic completely forgot that the 'nop' driver already existed, and offers no way to configure it. This is quite simple to address.
I've sent a patch that ought to fix this problem, though I admit I have not actually tried it on FreeBSD.

With regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-   https://www.instagram.com/dberrange :|
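The failure mode described in the thread, a platform-selected no-op backend that reports success while creating no firewall rules, as an added illustration that is not libvirt's own code: the `fw_backend` struct, the `implements_rules` flag, the stand-in backends and the `network_start_*` functions are all hypothetical, and only the `#if defined(__linux__)` selection mirrors what bridge_driver_platform.c does.

```c
#include <stdio.h>

/* Hypothetical subset of libvirt's forwarding modes. */
enum fwd_mode { FWD_ISOLATED, FWD_NAT, FWD_ROUTE };

/* Hypothetical backend table; each op returns 0 on success, -1 on error. */
struct fw_backend {
    const char *name;
    int (*add_nat_rules)(const char *bridge);
    int implements_rules;   /* 0 for a backend that only pretends */
};

/* Stand-in for a real rule-creating backend (no iptables calls here). */
static int linux_add_nat_rules(const char *bridge) { (void)bridge; return 0; }
/* The 'nop' pattern from the thread: does nothing, reports success. */
static int nop_add_nat_rules(const char *bridge) { (void)bridge; return 0; }

static const struct fw_backend linux_backend = { "iptables", linux_add_nat_rules, 1 };
static const struct fw_backend nop_backend   = { "nop",      nop_add_nat_rules,   0 };

/* Compile-time selection, mirroring bridge_driver_platform.c. */
static const struct fw_backend *platform_backend(void) {
#if defined(__linux__)
    return &linux_backend;
#else
    return &nop_backend;
#endif
}

/* Behaviour as described in the thread: the network "starts" regardless
 * of whether the backend actually created NAT/route rules. */
int network_start_silent(const struct fw_backend *be, enum fwd_mode mode, const char *bridge) {
    if (mode == FWD_NAT || mode == FWD_ROUTE)
        return be->add_nat_rules(bridge);
    return 0;   /* isolated networks need no rules */
}

/* Checked variant: a mode that needs rules on a backend that creates none
 * is reported as an error instead of being hidden behind "success". */
int network_start_checked(const struct fw_backend *be, enum fwd_mode mode, const char *bridge) {
    if ((mode == FWD_NAT || mode == FWD_ROUTE) && !be->implements_rules) {
        fprintf(stderr, "network on %s: mode needs firewall rules but backend '%s' creates none\n",
                bridge, be->name);
        return -1;
    }
    return network_start_silent(be, mode, bridge);
}

int main(void) {
    /* "virbr0" is a constructed sample bridge name. */
    return network_start_checked(platform_backend(), FWD_NAT, "virbr0") == 0 ? 0 : 1;
}
```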