5:24 a.m.
---
src/nwfilter/nwfilter_ebiptables_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c
b/src/nwfilter/nwfilter_ebiptables_driver.c
index 4fec52d..db2276c 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -166,7 +166,7 @@ static const char ebiptables_script_set_ifs[] =
snprintf(buf, sizeof(buf), "%c%c-%s", prefix[0], prefix[1], ifname)
#define PHYSDEV_IN "--physdev-in"
-#define PHYSDEV_OUT "--physdev-out"
+#define PHYSDEV_OUT "--physdev-is-bridged --physdev-out"
static const char *m_state_out_str = "-m state --state NEW,ESTABLISHED";
static const char *m_state_in_str = "-m state --state ESTABLISHED";
--
1.7.11.5
12:33 p.m.
On 01/17/2013 04:24 AM, Reinier Schoof wrote:
---
src/nwfilter/nwfilter_ebiptables_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c
b/src/nwfilter/nwfilter_ebiptables_driver.c
index 4fec52d..db2276c 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -166,7 +166,7 @@ static const char ebiptables_script_set_ifs[] =
snprintf(buf, sizeof(buf), "%c%c-%s", prefix[0], prefix[1], ifname)
#define PHYSDEV_IN "--physdev-in"
-#define PHYSDEV_OUT "--physdev-out"
+#define PHYSDEV_OUT "--physdev-is-bridged --physdev-out"
Stefan ACKd in the other thread, so I've gone ahead and pushed this,
after amending the commit message to include details from the other thread.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
1:44 a.m.
Op 17-1-2013 19:33, Eric Blake schreef:
On 01/17/2013 04:24 AM, Reinier Schoof wrote:
> ---
> src/nwfilter/nwfilter_ebiptables_driver.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c
b/src/nwfilter/nwfilter_ebiptables_driver.c
> index 4fec52d..db2276c 100644
> --- a/src/nwfilter/nwfilter_ebiptables_driver.c
> +++ b/src/nwfilter/nwfilter_ebiptables_driver.c
> @@ -166,7 +166,7 @@ static const char ebiptables_script_set_ifs[] =
> snprintf(buf, sizeof(buf), "%c%c-%s", prefix[0], prefix[1], ifname)
>
> #define PHYSDEV_IN "--physdev-in"
> -#define PHYSDEV_OUT "--physdev-out"
> +#define PHYSDEV_OUT "--physdev-is-bridged --physdev-out"
Stefan ACKd in the other thread, so I've gone ahead and pushed this,
after amending the commit message to include details from the other thread.
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Thanks for committing the patch!
On a side note, please be aware that when upgrading to a libvirt version
with this patch included, libvirt will not be able to remove the earlier
ip(6)tables rules without the '--physdev-is-bridged' addition. When
restarting libvirt, it will look for rules that match with
'--physdev-is-bridged' and since that wasn't there before, you'll end up
with a duplicate/malfunctioning ruleset. You'll have to remove these
rules/chains manually.
--
TransIP BV | https://www.transip.nl/
2:18 p.m.
On 01/18/2013 12:44 AM, Reinier Schoof wrote:
Op 17-1-2013 19:33, Eric Blake schreef:
> On 01/17/2013 04:24 AM, Reinier Schoof wrote:
>> ---
>> src/nwfilter/nwfilter_ebiptables_driver.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
On a side note, please be aware that when upgrading to a libvirt
version
with this patch included, libvirt will not be able to remove the earlier
ip(6)tables rules without the '--physdev-is-bridged' addition. When
restarting libvirt, it will look for rules that match with
'--physdev-is-bridged' and since that wasn't there before, you'll end up
with a duplicate/malfunctioning ruleset. You'll have to remove these
rules/chains manually.
Can we be nicer than that? That is, can we teach the removal code to
recognize rules from the older libvirt, so that upgrades are smooth?
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
4323
days inactive
4327
days old
3 comments
2 participants
participants (2)
-
Eric Blake -
Reinier Schoof