This is a different approach to solving the problem describd in: https://www.redhat.com/archives/libvir-list/2019-March/msg00584.html That patch would treat each chain creation attempt as non-fatal. This means ipv4 chains still get created if ipv6 is missing, or if a subset of ip[6]tables modules are missing (eg "mangle" chain). This series takes a different approach of splitting IPv4 and IPv6 chain creation. Setup for either address family can succeed/fail independently, however, within an address family everything must still succeed. Improved error reporting means that users will see the root cause error when trying to start an error. So with this series, 'mangle' support is still compulsory for any address family, but if IPv6 lacks mangle support, this won't break IPv4 support. This is good for the default network which only does IPv4 out of the box. Daniel P. Berrangé (2): network: improve error report when firewall chain creation fails network: split setup of ipv4 and ipv6 top level chains src/network/bridge_driver.c | 3 +- src/network/bridge_driver_linux.c | 51 ++++++++++++++++++++++++---- src/network/bridge_driver_nop.c | 3 +- src/network/bridge_driver_platform.h | 2 +- src/util/viriptables.c | 14 +++----- src/util/viriptables.h | 2 +- 6 files changed, 53 insertions(+), 22 deletions(-) -- 2.20.1 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
