[libvirt] [PATCH] [TCK] nwfilter:Follow changes to clean-traffic filter

Follow the changes to the clean-traffic filter to pass the nwfilter tests. --- scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat | 33 +++++++---------- 1 file changed, 15 insertions(+), 18 deletions(-) Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat 
@@ -3,34 +3,31 @@ #ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep -v "^$" -o vnet0 -j libvirt-O-vnet0 #ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$" --p IPv4 -j I-vnet0-ipv4 --p ARP -j I-vnet0-arp +-j I-vnet0-mac +-p IPv4 -j I-vnet0-ipv4-ip +-p IPv4 -j ACCEPT +-p ARP -j I-vnet0-arp-mac +-p ARP -j I-vnet0-arp-ip +-p ARP -j ACCEPT -p 0x8035 -j I-vnet0-rarp -p 0x835 -j ACCEPT -j DROP #ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$" -p IPv4 -j O-vnet0-ipv4 --p ARP -j O-vnet0-arp +-p ARP -j ACCEPT -p 0x8035 -j O-vnet0-rarp -j DROP -#ebtables -t nat -L I-vnet0-ipv4 | grep -v "^Bridge" | grep -v "^$" --s ! 52:54:0:9f:33:da -j DROP --p IPv4 --ip-src ! 10.1.1.1 -j DROP +#ebtables -t nat -L I-vnet0-ipv4-ip | grep -v "^Bridge" | grep -v "^$" +-p IPv4 --ip-src 0.0.0.0 --ip-proto udp --ip-sport 68 -j ACCEPT +-p IPv4 --ip-src 10.1.1.1 -j RETURN +-j DROP #ebtables -t nat -L O-vnet0-ipv4 | grep -v "^Bridge" | grep -v "^$" -j ACCEPT -#ebtables -t nat -L I-vnet0-arp | grep -v "^Bridge" | grep -v "^$" --s ! 52:54:0:9f:33:da -j DROP --p ARP --arp-mac-src ! 52:54:0:9f:33:da -j DROP --p ARP --arp-ip-src ! 10.1.1.1 -j DROP --p ARP --arp-op Request -j ACCEPT --p ARP --arp-op Reply -j ACCEPT +#ebtables -t nat -L I-vnet0-arp-mac | grep -v "^Bridge" | grep -v "^$" +-p ARP --arp-mac-src 52:54:0:9f:33:da -j RETURN -j DROP -#ebtables -t nat -L O-vnet0-arp | grep -v "^Bridge" | grep -v "^$" --p ARP --arp-gratuitous -j ACCEPT --p ARP --arp-op Reply --arp-mac-dst ! 52:54:0:9f:33:da -j DROP --p ARP --arp-ip-dst ! 10.1.1.1 -j DROP --p ARP --arp-op Request -j ACCEPT --p ARP --arp-op Reply -j ACCEPT +#ebtables -t nat -L I-vnet0-arp-ip | grep -v "^Bridge" | grep -v "^$" +-p ARP --arp-ip-src 10.1.1.1 -j RETURN -j DROP #ip6tables -L FI-vnet0 -n Chain FI-vnet0 (1 references)
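
Review bot: The new `-j I-vnet0-mac` jump at the top of the `libvirt-I-vnet0` listing has no matching `#ebtables -t nat -L I-vnet0-mac` section in the visible lines of this hunk. The `-s ! 52:54:0:9f:33:da -j DROP` lines are removed from the old `I-vnet0-ipv4` and `I-vnet0-arp` listings at the same time, so as shown the expected output no longer pins down the source-MAC anti-spoofing rule. Consider adding a listing for `I-vnet0-mac` so that a regression in that chain fails the test. On the outgoing side, `-p ARP -j O-vnet0-arp` becomes `-p ARP -j ACCEPT` and the `--arp-mac-dst` and `--arp-ip-dst` checks disappear from the expected output. The commit message should name the libvirt clean-traffic change being followed so a reader can confirm that loosening is intended.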

On 12/01/2011 06:38 PM, Stefan Berger wrote:
Follow the changes to the clean-traffic filter to pass the nwfilter tests.
--- scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat | 33 +++++++---------- 1 file changed, 15 insertions(+), 18 deletions(-)
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat @@ -3,34 +3,31 @@ #ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep -v "^$" -o vnet0 -j libvirt-O-vnet0 #ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$" --p IPv4 -j I-vnet0-ipv4 --p ARP -j I-vnet0-arp +-j I-vnet0-mac +-p IPv4 -j I-vnet0-ipv4-ip +-p IPv4 -j ACCEPT +-p ARP -j I-vnet0-arp-mac +-p ARP -j I-vnet0-arp-ip +-p ARP -j ACCEPT
ACK.

--
Eric Blake eblake@redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

On 12/02/2011 12:10 PM, Eric Blake wrote:
On 12/01/2011 06:38 PM, Stefan Berger wrote:
Follow the changes to the clean-traffic filter to pass the nwfilter tests.
--- scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat | 33 +++++++---------- 1 file changed, 15 insertions(+), 18 deletions(-)
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat @@ -3,34 +3,31 @@ #ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep -v "^$" -o vnet0 -j libvirt-O-vnet0 #ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$" --p IPv4 -j I-vnet0-ipv4 --p ARP -j I-vnet0-arp +-j I-vnet0-mac +-p IPv4 -j I-vnet0-ipv4-ip +-p IPv4 -j ACCEPT +-p ARP -j I-vnet0-arp-mac +-p ARP -j I-vnet0-arp-ip +-p ARP -j ACCEPT ACK.
Pushed.