[libvirt] [TCK] [PATCH] nwfilter: Add '-n' flag to iptables command where missing
Add the -n flag to the iptables command where it is missing to avoid delays due to name resolution. --- scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall | 9 +++++---- scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall | 8 ++++---- scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall | 8 ++++---- 3 files changed, 13 insertions(+), 12 deletions(-) Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall @@ -24,7 +24,8 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 -#iptables -L FORWARD --line-number | grep libvirt -1 libvirt-in all -- anywhere anywhere -2 libvirt-out all -- anywhere anywhere -3 libvirt-in-post all -- anywhere anywhere +#iptables -L FORWARD -n --line-number | grep libvirt +1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 +2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 +3 libvirt-in-post all -- 0.0.0.0/0 0.0.0.0/0 + Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall @@ -42,10 +42,10 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 -#iptables -L FORWARD --line-number | grep libvirt -1 libvirt-in all -- anywhere anywhere -2 libvirt-out all -- anywhere anywhere -3 libvirt-in-post all -- anywhere anywhere +#iptables -L FORWARD -n --line-number | grep libvirt +1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 +2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 +3 libvirt-in-post all -- 0.0.0.0/0 0.0.0.0/0 #ebtables -t nat -L PREROUTING | grep vnet0 | grep -v "^Bridge" | grep -v "^$" -i vnet0 -j libvirt-I-vnet0 #ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep -v "^$" Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall @@ -27,8 +27,8 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 -#iptables -L FORWARD --line-number | grep libvirt -1 libvirt-in all -- anywhere anywhere -2 libvirt-out all -- anywhere anywhere -3 libvirt-in-post all -- anywhere anywhere +#iptables -L FORWARD -n --line-number | grep libvirt +1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 +2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 +3 libvirt-in-post all -- 0.0.0.0/0 0.0.0.0/0
On Mon, Nov 21, 2011 at 07:20:28AM -0500, Stefan Berger wrote:
Add the -n flag to the iptables command where it is missing to avoid delays due to name resolution.
--- scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall | 9 +++++---- scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall | 8 ++++---- scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall | 8 ++++---- 3 files changed, 13 insertions(+), 12 deletions(-)
ACK Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
On 11/21/2011 08:18 AM, Daniel P. Berrange wrote:
On Mon, Nov 21, 2011 at 07:20:28AM -0500, Stefan Berger wrote:
Add the -n flag to the iptables command where it is missing to avoid delays due to name resolution.
--- scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall | 9 +++++---- scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall | 8 ++++---- scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall | 8 ++++---- 3 files changed, 13 insertions(+), 12 deletions(-) ACK
Daniel Pushed.
Stefan
participants (2)
-
Daniel P. Berrange -
Stefan Berger