On Thu, May 07, 2020 at 10:51:12PM -0400, Laine Stump wrote:
> Details are in the commit log of patch 2. Essentially, we've been
> careful to only create the iptables chains once per run, because it's
> very expensive, but when firewalld is restarted, it removes our
> chains, so we need to put them back.
>
> I think this may have been a problem as far back as libvirt 5.1.0,
> when we began putting our iptables rules into private chains.
>
>
> Laine Stump (2):
>   network: make it safe to call networkSetupPrivateChains() multiple
>     times
>   network: force re-creation of iptables private chains on firewalld
>     restart
>
>  src/network/bridge_driver.c          | 16 +++--
>  src/network/bridge_driver_linux.c    | 77 ++++++++++++++++++----------
>  src/network/bridge_driver_nop.c      | 3 +-
>  src/network/bridge_driver_platform.h | 2 +-
>  4 files changed, 62 insertions(+), 36 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|