On Thu, 2009-12-10 at 12:08 +0000, Daniel P. Berrange wrote:
> On Thu, Dec 10, 2009 at 11:27:55AM +0000, Mark McLoughlin wrote:
> > iptablesContext no longer contains any state, so we can drop it
> >
> > * src/util/iptables.c, src/util/iptables.h: drop iptablesContext
> >
> > * src/network/bridge_driver.c: update callers
> >
> > * src/libvirt_private.syms: drop context new/free functions
>
> Ordinarily I'd ACK this, but one of the things I want to try and do
> in the future is to move all the libvirt rules out of the main
> INPUT/FORWARD/OUTPUT chains, and into sub-chains. I think that the
> iptablesContext struct might be useful for this, so can we leave this
> patch out for now.

That could be done e.g. by using "libvirt-INPUT", which again wouldn't
need any state.

It's a very nice simplification, easy to re-instate, so I'd prefer to
see it gone rather than for it to stick around under the guise of "we
might need it in future". Look how long it took us to delete the lokkit
code after we realized it was useless :)

Cheers,
Mark.