[PATCH 1/8] virFirewallAddRule: exchange first two parameters

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



clang 3.8 complains:
util/virfirewall.c:425:30: error: passing an object that undergoes
default argument promotion to 'va_start' has undefined behavior
[-Werror,-Wvarargs]
    __builtin_va_start(args, layer);

Exchange the parameters to have a pointer as the last argument.
---
Alternatives:
 * make a macro wrapper around virFirewallAddRule which
   has a non-enum parameter after layer
 * just silence the warning
 * ???

 src/nwfilter/nwfilter_ebiptables_driver.c | 84 +++++++++++++--------------
 src/util/virebtables.c                    |  8 +--
 src/util/virfirewall.c                    |  8 +--
 src/util/virfirewall.h                    |  4 +-
 src/util/viriptables.c                    | 38 ++++++-------
 tests/virfirewalltest.c                   | 94 +++++++++++++++----------------
 6 files changed, 118 insertions(+), 118 deletions(-)

diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 0ab7c08..c6d448c 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -454,13 +454,13 @@ iptablesCreateBaseChainsFW(virFirewallPtr fw,
     virFirewallAddRuleFull(fw, layer,
                            true, NULL, NULL,
                            "-D", "INPUT", "-j", HOST_IN_CHAIN, NULL);
-    virFirewallAddRule(fw, layer,
+    virFirewallAddRule(layer, fw,
                        "-I", "FORWARD", "1", "-j", VIRT_IN_CHAIN, NULL);
-    virFirewallAddRule(fw, layer,
+    virFirewallAddRule(layer, fw,
                        "-I", "FORWARD", "2", "-j", VIRT_OUT_CHAIN, NULL);
-    virFirewallAddRule(fw, layer,
+    virFirewallAddRule(layer, fw,
                        "-I", "FORWARD", "3", "-j", VIRT_IN_POST_CHAIN, NULL);
-    virFirewallAddRule(fw, layer,
+    virFirewallAddRule(layer, fw,
                        "-I", "INPUT", "1", "-j", HOST_IN_CHAIN, NULL);
 }
 
@@ -480,7 +480,7 @@ iptablesCreateTmpRootChainFW(virFirewallPtr fw,
 
     PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
 
-    virFirewallAddRule(fw, layer,
+    virFirewallAddRule(layer, fw,
                        "-N", chain, NULL);
 }
 
@@ -588,13 +588,13 @@ iptablesLinkTmpRootChainFW(virFirewallPtr fw,
     PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
 
     if (incoming)
-        virFirewallAddRule(fw, layer,
+        virFirewallAddRule(layer, fw,
                            "-A", basechain,
                            MATCH_PHYSDEV_IN_FW,
                            ifname,
                            "-g", chain, NULL);
     else
-        virFirewallAddRule(fw, layer,
+        virFirewallAddRule(layer, fw,
                            "-A", basechain,
                            MATCH_PHYSDEV_OUT_FW,
                            ifname,
@@ -623,7 +623,7 @@ iptablesSetupVirtInPostFW(virFirewallPtr fw ATTRIBUTE_UNUSED,
                            "-D", VIRT_IN_POST_CHAIN,
                            MATCH_PHYSDEV_IN_FW,
                            ifname, "-j", "ACCEPT", NULL);
-    virFirewallAddRule(fw, layer,
+    virFirewallAddRule(layer, fw,
                        "-A", VIRT_IN_POST_CHAIN,
                        MATCH_PHYSDEV_IN_FW,
                        ifname, "-j", "ACCEPT", NULL);
@@ -762,7 +762,7 @@ iptablesRenameTmpRootChainFW(virFirewallPtr fw,
     PRINT_IPT_ROOT_CHAIN(tmpchain, tmpChainPrefix, ifname);
     PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
 
-    virFirewallAddRule(fw, layer,
+    virFirewallAddRule(layer, fw,
                        "-E", tmpchain, chain, NULL);
 }
 
@@ -1186,7 +1186,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
     switch (rule->prtclType) {
     case VIR_NWFILTER_RULE_PROTOCOL_TCP:
     case VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6:
-        fwrule = virFirewallAddRule(fw, layer,
+        fwrule = virFirewallAddRule(layer, fw,
                                     "-A", chain,
                                     "-p", "tcp",
                                     NULL);
@@ -1245,7 +1245,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
 
     case VIR_NWFILTER_RULE_PROTOCOL_UDP:
     case VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6:
-        fwrule = virFirewallAddRule(fw, layer,
+        fwrule = virFirewallAddRule(layer, fw,
                                     "-A", chain,
                                     "-p", "udp",
                                     NULL);
@@ -1275,7 +1275,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
 
     case VIR_NWFILTER_RULE_PROTOCOL_UDPLITE:
     case VIR_NWFILTER_RULE_PROTOCOL_UDPLITEoIPV6:
-        fwrule = virFirewallAddRule(fw, layer,
+        fwrule = virFirewallAddRule(layer, fw,
                                     "-A", chain,
                                     "-p", "udplite",
                                     NULL);
@@ -1300,7 +1300,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
 
     case VIR_NWFILTER_RULE_PROTOCOL_ESP:
     case VIR_NWFILTER_RULE_PROTOCOL_ESPoIPV6:
-        fwrule = virFirewallAddRule(fw, layer,
+        fwrule = virFirewallAddRule(layer, fw,
                                     "-A", chain,
                                     "-p", "esp",
                                     NULL);
@@ -1325,7 +1325,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
 
     case VIR_NWFILTER_RULE_PROTOCOL_AH:
     case VIR_NWFILTER_RULE_PROTOCOL_AHoIPV6:
-        fwrule = virFirewallAddRule(fw, layer,
+        fwrule = virFirewallAddRule(layer, fw,
                                     "-A", chain,
                                     "-p", "ah",
                                     NULL);
@@ -1350,7 +1350,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
 
     case VIR_NWFILTER_RULE_PROTOCOL_SCTP:
     case VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6:
-        fwrule = virFirewallAddRule(fw, layer,
+        fwrule = virFirewallAddRule(layer, fw,
                                     "-A", chain,
                                     "-p", "sctp",
                                     NULL);
@@ -1380,7 +1380,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
 
     case VIR_NWFILTER_RULE_PROTOCOL_ICMP:
     case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6:
-        fwrule = virFirewallAddRule(fw, layer,
+        fwrule = virFirewallAddRule(layer, fw,
                                     "-A", chain,
                                     NULL);
 
@@ -1447,7 +1447,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
     break;
 
     case VIR_NWFILTER_RULE_PROTOCOL_IGMP:
-        fwrule = virFirewallAddRule(fw, layer,
+        fwrule = virFirewallAddRule(layer, fw,
                                     "-A", chain,
                                     "-p", "igmp",
                                     NULL);
@@ -1472,7 +1472,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
 
     case VIR_NWFILTER_RULE_PROTOCOL_ALL:
     case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6:
-        fwrule = virFirewallAddRule(fw, layer,
+        fwrule = virFirewallAddRule(layer, fw,
                                     "-A", chain,
                                     "-p", "all",
                                     NULL);
@@ -1875,7 +1875,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
 
     switch (rule->prtclType) {
     case VIR_NWFILTER_RULE_PROTOCOL_MAC:
-        fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+        fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                                     "-t", "nat",
                                     "-A", chain, NULL);
 
@@ -1898,7 +1898,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
         break;
 
     case VIR_NWFILTER_RULE_PROTOCOL_VLAN:
-        fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+        fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                                     "-t", "nat", "-A", chain, NULL);
 
         if (ebtablesHandleEthHdr(fw, fwrule,
@@ -1927,7 +1927,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
             return -1;
         }
 
-        fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+        fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                                     "-t", "nat", "-A", chain, NULL);
 
         if (ebtablesHandleEthHdr(fw, fwrule,
@@ -1963,7 +1963,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
 
     case VIR_NWFILTER_RULE_PROTOCOL_ARP:
     case VIR_NWFILTER_RULE_PROTOCOL_RARP:
-        fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+        fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                                     "-t", "nat", "-A", chain, NULL);
 
         if (ebtablesHandleEthHdr(fw, fwrule,
@@ -2090,7 +2090,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
         break;
 
     case VIR_NWFILTER_RULE_PROTOCOL_IP:
-        fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+        fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                                     "-t", "nat", "-A", chain, NULL);
 
         if (ebtablesHandleEthHdr(fw, fwrule,
@@ -2223,7 +2223,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
         break;
 
     case VIR_NWFILTER_RULE_PROTOCOL_IPV6:
-        fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+        fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                                     "-t", "nat", "-A", chain, NULL);
 
         if (ebtablesHandleEthHdr(fw, fwrule,
@@ -2423,7 +2423,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
         break;
 
     case VIR_NWFILTER_RULE_PROTOCOL_NONE:
-        fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+        fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                                     "-t", "nat", "-A", chain, NULL);
         break;
 
@@ -2543,7 +2543,7 @@ ebtablesCreateTmpRootChainFW(virFirewallPtr fw,
 
     PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "-t", "nat", "-N", chain, NULL);
 }
 
@@ -2558,7 +2558,7 @@ ebtablesLinkTmpRootChainFW(virFirewallPtr fw,
 
     PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "-t", "nat", "-A",
                        incoming ? EBTABLES_CHAIN_INCOMING : EBTABLES_CHAIN_OUTGOING,
                        incoming ? "-i" : "-o",
@@ -2671,10 +2671,10 @@ ebtablesCreateTmpSubChainFW(virFirewallPtr fw,
     virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_ETHERNET,
                            true, NULL, NULL,
                            "-t", "nat", "-X", chain, NULL);
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "-t", "nat", "-N", chain, NULL);
 
-    fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                                 "-t", "nat", "-A", rootchain, NULL);
 
     switch (protoidx) {
@@ -2785,7 +2785,7 @@ ebtablesRenameTmpSubChainFW(virFirewallPtr fw,
         PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
     }
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "-t", "nat", "-E", tmpchain, chain, NULL);
 }
 
@@ -2834,7 +2834,7 @@ ebtablesRenameTmpSubAndRootChainsQuery(virFirewallPtr fw,
         virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_ETHERNET,
                                true, NULL, NULL,
                                "-t", "nat", "-X", newchain, NULL);
-        virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+        virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                            "-t", "nat", "-E", tmp, newchain, NULL);
     }
 
@@ -2911,19 +2911,19 @@ ebtablesApplyBasicRules(const char *ifname,
     ebtablesCreateTmpRootChainFW(fw, true, ifname);
 
     PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "-t", "nat", "-A", chain,
                        "-s", "!", macaddr_str,
                        "-j", "DROP", NULL);
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "-t", "nat", "-A", chain,
                        "-p", "IPv4",
                        "-j", "ACCEPT", NULL);
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "-t", "nat", "-A", chain,
                        "-p", "ARP",
                        "-j", "ACCEPT", NULL);
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "-t", "nat", "-A", chain,
                        "-j", "DROP", NULL);
 
@@ -2987,14 +2987,14 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
     PRINT_ROOT_CHAIN(chain_in, CHAINPREFIX_HOST_IN_TEMP, ifname);
     PRINT_ROOT_CHAIN(chain_out, CHAINPREFIX_HOST_OUT_TEMP, ifname);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "-t", "nat", "-A", chain_in,
                        "-s", macaddr_str,
                        "-p", "ipv4", "--ip-protocol", "udp",
                        "--ip-sport", "68", "--ip-dport", "67",
                        "-j", "ACCEPT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "-t", "nat", "-A", chain_in,
                        "-j", "DROP", NULL);
 
@@ -3015,7 +3015,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
          */
         for (ctr = 0; ctr < 2; ctr++) {
             if (dhcpserver)
-                virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+                virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                                    "-t", "nat", "-A", chain_out,
                                    "-d", (ctr == 0) ? macaddr_str : "ff:ff:ff:ff:ff:ff",
                                    "-p", "ipv4", "--ip-protocol", "udp",
@@ -3023,7 +3023,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
                                    "--ip-sport", "67", "--ip-dport", "68",
                                    "-j", "ACCEPT", NULL);
             else
-                virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+                virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                                    "-t", "nat", "-A", chain_out,
                                    "-d", (ctr == 0) ? macaddr_str : "ff:ff:ff:ff:ff:ff",
                                    "-p", "ipv4", "--ip-protocol", "udp",
@@ -3037,7 +3037,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname,
             break;
     }
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "-t", "nat", "-A", chain_out,
                        "-j", "DROP", NULL);
 
@@ -3091,11 +3091,11 @@ ebtablesApplyDropAllRules(const char *ifname)
     PRINT_ROOT_CHAIN(chain_in, CHAINPREFIX_HOST_IN_TEMP, ifname);
     PRINT_ROOT_CHAIN(chain_out, CHAINPREFIX_HOST_OUT_TEMP, ifname);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "-t", "nat", "-A", chain_in,
                        "-j", "DROP", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "-t", "nat", "-A", chain_out,
                        "-j", "DROP", NULL);
 
diff --git a/src/util/virebtables.c b/src/util/virebtables.c
index 2ffff08..e608ebb 100644
--- a/src/util/virebtables.c
+++ b/src/util/virebtables.c
@@ -94,15 +94,15 @@ ebtablesAddForwardPolicyReject(ebtablesContext *ctx)
 
     fw = virFirewallNew();
     virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "--new-chain", ctx->chain,
                        NULL);
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "--insert", "FORWARD",
                        "--jump", ctx->chain, NULL);
 
     virFirewallStartTransaction(fw, 0);
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        "-P", ctx->chain, "DROP",
                        NULL);
 
@@ -130,7 +130,7 @@ ebtablesForwardAllowIn(ebtablesContext *ctx,
 
     fw = virFirewallNew();
     virFirewallStartTransaction(fw, 0);
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw,
                        action == ADD ? "--insert" : "--delete",
                        ctx->chain,
                        "--in-interface", iface,
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index f26fd86..025df5b 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -407,8 +407,8 @@ virFirewallAddRuleFullV(virFirewallPtr firewall,
 
 /**
  * virFirewallAddRule:
- * @firewall: firewall ruleset to add to
  * @layer: the firewall layer to change
+ * @firewall: firewall ruleset to add to
  * @...: NULL terminated list of strings for the rule
  *
  * Add any type of rule to the firewall ruleset.
@@ -416,13 +416,13 @@ virFirewallAddRuleFullV(virFirewallPtr firewall,
  * Returns the new rule
  */
 virFirewallRulePtr
-virFirewallAddRule(virFirewallPtr firewall,
-                   virFirewallLayer layer,
+virFirewallAddRule(virFirewallLayer layer,
+                   virFirewallPtr firewall,
                    ...)
 {
     virFirewallRulePtr rule;
     va_list args;
-    va_start(args, layer);
+    va_start(args, firewall);
     rule = virFirewallAddRuleFullV(firewall, layer, false, NULL, NULL, args);
     va_end(args);
     return rule;
diff --git a/src/util/virfirewall.h b/src/util/virfirewall.h
index dbf3975..371956c 100644
--- a/src/util/virfirewall.h
+++ b/src/util/virfirewall.h
@@ -44,8 +44,8 @@ virFirewallPtr virFirewallNew(void);
 
 void virFirewallFree(virFirewallPtr firewall);
 
-virFirewallRulePtr virFirewallAddRule(virFirewallPtr firewall,
-                                      virFirewallLayer layer,
+virFirewallRulePtr virFirewallAddRule(virFirewallLayer layer,
+                                      virFirewallPtr firewall,
                                       ...)
     ATTRIBUTE_SENTINEL;
 
diff --git a/src/util/viriptables.c b/src/util/viriptables.c
index e921954..91b2a40 100644
--- a/src/util/viriptables.c
+++ b/src/util/viriptables.c
@@ -69,7 +69,7 @@ iptablesInput(virFirewallPtr fw,
     snprintf(portstr, sizeof(portstr), "%d", port);
     portstr[sizeof(portstr) - 1] = '\0';
 
-    virFirewallAddRule(fw, layer,
+    virFirewallAddRule(layer, fw,
                        "--table", "filter",
                        action == ADD ? "--insert" : "--delete", "INPUT",
                        "--in-interface", iface,
@@ -92,7 +92,7 @@ iptablesOutput(virFirewallPtr fw,
     snprintf(portstr, sizeof(portstr), "%d", port);
     portstr[sizeof(portstr) - 1] = '\0';
 
-    virFirewallAddRule(fw, layer,
+    virFirewallAddRule(layer, fw,
                        "--table", "filter",
                        action == ADD ? "--insert" : "--delete", "OUTPUT",
                        "--out-interface", iface,
@@ -262,7 +262,7 @@ iptablesForwardAllowOut(virFirewallPtr fw,
         return -1;
 
     if (physdev && physdev[0])
-        virFirewallAddRule(fw, layer,
+        virFirewallAddRule(layer, fw,
                            "--table", "filter",
                            action == ADD ? "--insert" : "--delete", "FORWARD",
                            "--source", networkstr,
@@ -271,7 +271,7 @@ iptablesForwardAllowOut(virFirewallPtr fw,
                            "--jump", "ACCEPT",
                            NULL);
     else
-        virFirewallAddRule(fw, layer,
+        virFirewallAddRule(layer, fw,
                            "--table", "filter",
                            action == ADD ? "--insert" : "--delete", "FORWARD",
                            "--source", networkstr,
@@ -349,7 +349,7 @@ iptablesForwardAllowRelatedIn(virFirewallPtr fw,
         return -1;
 
     if (physdev && physdev[0])
-        virFirewallAddRule(fw, layer,
+        virFirewallAddRule(layer, fw,
                            "--table", "filter",
                            action == ADD ? "--insert" : "--delete", "FORWARD",
                            "--destination", networkstr,
@@ -360,7 +360,7 @@ iptablesForwardAllowRelatedIn(virFirewallPtr fw,
                            "--jump", "ACCEPT",
                            NULL);
     else
-        virFirewallAddRule(fw, layer,
+        virFirewallAddRule(layer, fw,
                            "--table", "filter",
                            action == ADD ? "--insert" : "--delete", "FORWARD",
                            "--destination", networkstr,
@@ -438,7 +438,7 @@ iptablesForwardAllowIn(virFirewallPtr fw,
         return -1;
 
     if (physdev && physdev[0])
-        virFirewallAddRule(fw, layer,
+        virFirewallAddRule(layer, fw,
                            "--table", "filter",
                            action == ADD ? "--insert" : "--delete", "FORWARD",
                            "--destination", networkstr,
@@ -447,7 +447,7 @@ iptablesForwardAllowIn(virFirewallPtr fw,
                            "--jump", "ACCEPT",
                            NULL);
     else
-        virFirewallAddRule(fw, layer,
+        virFirewallAddRule(layer, fw,
                            "--table", "filter",
                            action == ADD ? "--insert" : "--delete", "FORWARD",
                            "--destination", networkstr,
@@ -520,7 +520,7 @@ iptablesAddForwardAllowCross(virFirewallPtr fw,
                              virFirewallLayer layer,
                              const char *iface)
 {
-    virFirewallAddRule(fw, layer,
+    virFirewallAddRule(layer, fw,
                        "--table", "filter",
                        "--insert", "FORWARD",
                        "--in-interface", iface,
@@ -545,7 +545,7 @@ iptablesRemoveForwardAllowCross(virFirewallPtr fw,
                                 virFirewallLayer layer,
                                 const char *iface)
 {
-    virFirewallAddRule(fw, layer,
+    virFirewallAddRule(layer, fw,
                        "--table", "filter",
                        "--delete", "FORWARD",
                        "--in-interface", iface,
@@ -569,7 +569,7 @@ iptablesAddForwardRejectOut(virFirewallPtr fw,
                             virFirewallLayer layer,
                             const char *iface)
 {
-    virFirewallAddRule(fw, layer,
+    virFirewallAddRule(layer, fw,
                        "--table", "filter",
                        "--insert", "FORWARD",
                        "--in-interface", iface,
@@ -592,7 +592,7 @@ iptablesRemoveForwardRejectOut(virFirewallPtr fw,
                                virFirewallLayer layer,
                                const char *iface)
 {
-    virFirewallAddRule(fw, layer,
+    virFirewallAddRule(layer, fw,
                        "--table", "filter",
                        "--delete", "FORWARD",
                        "--in-interface", iface,
@@ -616,7 +616,7 @@ iptablesAddForwardRejectIn(virFirewallPtr fw,
                            virFirewallLayer layer,
                            const char *iface)
 {
-    virFirewallAddRule(fw, layer,
+    virFirewallAddRule(layer, fw,
                        "--table", "filter",
                        "--insert", "FORWARD",
                        "--out-interface", iface,
@@ -639,7 +639,7 @@ iptablesRemoveForwardRejectIn(virFirewallPtr fw,
                               virFirewallLayer layer,
                               const char *iface)
 {
-    virFirewallAddRule(fw, layer,
+    virFirewallAddRule(layer, fw,
                        "--table", "filter",
                        "--delete", "FORWARD",
                        "--out-interface", iface,
@@ -690,7 +690,7 @@ iptablesForwardMasquerade(virFirewallPtr fw,
     }
 
     if (protocol && protocol[0]) {
-        rule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+        rule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                                   "--table", "nat",
                                   action == ADD ? "--insert" : "--delete", "POSTROUTING",
                                   "--source", networkstr,
@@ -698,7 +698,7 @@ iptablesForwardMasquerade(virFirewallPtr fw,
                                   "!", "--destination", networkstr,
                                   NULL);
     } else {
-        rule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+        rule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                                   "--table", "nat",
                                   action == ADD ? "--insert" : "--delete", "POSTROUTING",
                                   "--source", networkstr,
@@ -842,7 +842,7 @@ iptablesForwardDontMasquerade(virFirewallPtr fw,
     }
 
     if (physdev && physdev[0])
-        virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+        virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                            "--table", "nat",
                            action == ADD ? "--insert" : "--delete", "POSTROUTING",
                            "--out-interface", physdev,
@@ -851,7 +851,7 @@ iptablesForwardDontMasquerade(virFirewallPtr fw,
                            "--jump", "RETURN",
                            NULL);
     else
-        virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+        virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                            "--table", "nat",
                            action == ADD ? "--insert" : "--delete", "POSTROUTING",
                            "--source", networkstr,
@@ -927,7 +927,7 @@ iptablesOutputFixUdpChecksum(virFirewallPtr fw,
     snprintf(portstr, sizeof(portstr), "%d", port);
     portstr[sizeof(portstr) - 1] = '\0';
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "--table", "mangle",
                        action == ADD ? "--insert" : "--delete", "POSTROUTING",
                        "--out-interface", iface,
diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c
index 6f4fed5..49bfaa5 100644
--- a/tests/virfirewalltest.c
+++ b/tests/virfirewalltest.c
@@ -221,12 +221,12 @@ testFirewallSingleGroup(const void *opaque)
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "!192.168.122.1",
                        "--jump", "REJECT", NULL);
@@ -281,17 +281,17 @@ testFirewallRemoveRule(const void *opaque)
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
 
-    fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                                 "-A", "INPUT", NULL);
     virFirewallRuleAddArg(fw, fwrule, "--source-host");
     virFirewallRemoveRule(fw, fwrule);
 
-    fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                                 "-A", "INPUT", NULL);
     virFirewallRuleAddArg(fw, fwrule, "--source-host");
     virFirewallRuleAddArgFormat(fw, fwrule, "%s", "!192.168.122.1");
@@ -348,24 +348,24 @@ testFirewallManyGroups(const void *opaque ATTRIBUTE_UNUSED)
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "!192.168.122.1",
                        "--jump", "REJECT", NULL);
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "OUTPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "OUTPUT",
                        "--jump", "DROP", NULL);
 
@@ -444,24 +444,24 @@ testFirewallIgnoreFailGroup(const void *opaque ATTRIBUTE_UNUSED)
 
     virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.255",
                        "--jump", "REJECT", NULL);
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "OUTPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "OUTPUT",
                        "--jump", "DROP", NULL);
 
@@ -519,7 +519,7 @@ testFirewallIgnoreFailRule(const void *opaque ATTRIBUTE_UNUSED)
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
@@ -530,12 +530,12 @@ testFirewallIgnoreFailRule(const void *opaque ATTRIBUTE_UNUSED)
                            "--source-host", "192.168.122.255",
                            "--jump", "REJECT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "OUTPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "OUTPUT",
                        "--jump", "DROP", NULL);
 
@@ -591,17 +591,17 @@ testFirewallNoRollback(const void *opaque ATTRIBUTE_UNUSED)
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.255",
                        "--jump", "REJECT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "!192.168.122.1",
                        "--jump", "REJECT", NULL);
@@ -664,34 +664,34 @@ testFirewallSingleRollback(const void *opaque ATTRIBUTE_UNUSED)
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.255",
                        "--jump", "REJECT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "!192.168.122.1",
                        "--jump", "REJECT", NULL);
 
     virFirewallStartRollback(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-D", "INPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-D", "INPUT",
                        "--source-host", "192.168.122.255",
                        "--jump", "REJECT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-D", "INPUT",
                        "--source-host", "!192.168.122.1",
                        "--jump", "REJECT", NULL);
@@ -753,38 +753,38 @@ testFirewallManyRollback(const void *opaque ATTRIBUTE_UNUSED)
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
 
     virFirewallStartRollback(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-D", "INPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.255",
                        "--jump", "REJECT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "!192.168.122.1",
                        "--jump", "REJECT", NULL);
 
     virFirewallStartRollback(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-D", "INPUT",
                        "--source-host", "192.168.122.255",
                        "--jump", "REJECT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-D", "INPUT",
                        "--source-host", "!192.168.122.1",
                        "--jump", "REJECT", NULL);
@@ -850,14 +850,14 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED)
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
 
     virFirewallStartRollback(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-D", "INPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
@@ -865,24 +865,24 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED)
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.127",
                        "--jump", "REJECT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "!192.168.122.1",
                        "--jump", "REJECT", NULL);
 
     virFirewallStartRollback(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-D", "INPUT",
                        "--source-host", "192.168.122.127",
                        "--jump", "REJECT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-D", "INPUT",
                        "--source-host", "!192.168.122.1",
                        "--jump", "REJECT", NULL);
@@ -890,24 +890,24 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED)
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.255",
                        "--jump", "REJECT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "!192.168.122.1",
                        "--jump", "REJECT", NULL);
 
     virFirewallStartRollback(fw, VIR_FIREWALL_ROLLBACK_INHERIT_PREVIOUS);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-D", "INPUT",
                        "--source-host", "192.168.122.255",
                        "--jump", "REJECT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-D", "INPUT",
                        "--source-host", "!192.168.122.1",
                        "--jump", "REJECT", NULL);
@@ -996,7 +996,7 @@ testFirewallQueryCallback(virFirewallPtr fw,
                           void *opaque ATTRIBUTE_UNUSED)
 {
     size_t i;
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "!192.168.122.129",
                        "--jump", "REJECT", NULL);
@@ -1054,14 +1054,14 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED)
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.1",
                        "--jump", "ACCEPT", NULL);
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.127",
                        "--jump", "REJECT", NULL);
@@ -1077,7 +1077,7 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED)
                            NULL,
                            "-t", "nat", "-L", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.130",
                        "--jump", "REJECT", NULL);
@@ -1085,12 +1085,12 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED)
 
     virFirewallStartTransaction(fw, 0);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "192.168.122.128",
                        "--jump", "REJECT", NULL);
 
-    virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
+    virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw,
                        "-A", "INPUT",
                        "--source-host", "!192.168.122.1",
                        "--jump", "REJECT", NULL);
-- 
2.7.3

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]