
On Sun, Apr 21, 2024 at 10:53:13PM -0400, Laine Stump wrote:
> These objects aren't rules, they are commands that are executed that
> may create a firewall rule, delete a firewall rule, or simply list the
> existing firewall rules. It's confusing for the objects to be called
> "Rule" (especially in the case of the function
> virFirewallRemoveRule(), which doesn't remove a rule from the
> firewall, it takes one of the objects out of the list of commands to
> execute! In order to remove a rule from the host's firewall, you have
> to Add a "rule" (now "cmd" aka command) to the list that will, when
> applied/run, remove a rule from the host firewall.)
>
> Changing the name to virFirewallCmd makes it all much less confusing.
>
> Signed-off-by: Laine Stump <laine@redhat.com>
> ---
>  src/libvirt_private.syms                  |  16 +-
>  src/network/network_iptables.c            | 286 +++----
>  src/nwfilter/nwfilter_ebiptables_driver.c | 988 +++++++++++-----------
>  src/util/virebtables.c                    |  32 +-
>  src/util/virfirewall.c                    | 223 +++--
>  src/util/virfirewall.h                    |  54 +-
>  tests/virfirewalltest.c                   | 404 ++++-----
>  7 files changed, 1000 insertions(+), 1003 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

With regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|