On Fri, Jan 04, 2008 at 03:57:32PM +0000, Mark McLoughlin wrote: > Add support for integrating our iptables support with Fedora's > iptables configuration using the lokkit --custom-rules command. > > Basically, we write out our rules to /var/lib/libvirt/iptables > and run lokkit --custom-rules so that if e.g. iptables is > restarted or the user edits their firewall configuration, then > libvirt's rules get reloaded. Ahh, that's very nice to have. > +dnl > +dnl ensure that Fedora's system-config-firewall knows > +dnl about libvirt's iptables rules > +dnl > +AC_ARG_ENABLE(iptables-lokkit, > + AC_HELP_STRING([--enable-iptables-lokkit=no/yes], > + [enable registering libvirt's iptables rules with Fedora's lokkit]), > + [],[enable_iptables_lokkit=no]) > +if test x"$enable_iptables_lokkit" = x"yes"; then > + AC_DEFINE(ENABLE_IPTABLES_LOKKIT, [], [whether support for Fedora's lokkit is enabled]) > + AC_PATH_PROG(LOKKIT_PATH, lokkit, /usr/sbin/lokkit) > + AC_DEFINE_UNQUOTED(LOKKIT_PATH, "$LOKKIT_PATH", [path to lokkit binary]) > +fi > + Could we make the configure script a little more clever so that it is a tri-state and can auto-detect whether lokkit is available. - enable_iptables_lokkit=no - force disable - enable_iptables_lokkit=yes - check if it is supported, and error if not - enable_iptables_lokkit=check - check if it is supported and enable or disable as needed With 'check' being the default. This makes it 'do the right' thing by default, and lets the user have a strict override if neccessary. ACK to the rest of the patch Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list