On 5/2/24 8:20 AM, Daniel P. Berrangé wrote:
> On Tue, Apr 30, 2024 at 01:44:01PM -0400, Laine Stump wrote:
>> It still can have only one useful value ("iptables"), but once a 2nd
>> value is supported, it will be selectable by setting
>> "firewall_backend=nftables" in /etc/libvirt/network.conf.
>>
>> If firewall_backend isn't set in network.conf, then libvirt will check
>> to see if the iptables binary is present on the system and set
>> firewallBackend to iptables - if no iptables binary is found, that is
>> considered a fatal error (since no networks can be started anyway), so
>> an error is logged and startup of the network driver fails.
>>
>> NB: network.conf is itself created from network.conf.in at build time,
>> and the advertised default setting of firewall_backend (in a commented
>> out line) is set from the meson_options.txt setting
>> "firewall_backend". This way the conf file will have correct
>> information no matter what default backend is chosen at build time.
>>
>> Signed-off-by: Laine Stump <laine@xxxxxxxxxx>
>> Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
>
> I didn't give a R-B for this patch,

Oops! Sorry for the misrepresentation! I put in the R-B's back in V3
with a script that added it to all the patches on the branch (since
there were more approved than not approved, that was quickest), and then
manually removed it from all of them that you hadn't approved by doing a
"git rebase -i master" and going through the list marking all the
unapproved patches with "r"; I messed this one up somehow, hopefully not
by getting off-by-one somewhere in the sequence and leaving the wrong
patches with R-B :-/. I guess I need to go back and check all of them again.

> and this still
> has the problem I pointed out in v3, where if the
> network.conf does not exist on disk at all, the
> backend detection logic doesn't run.

Ah, yes, I completely forgot to put that one in my list of things to fix
this time!
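
Added example (not part of this thread and not libvirt's code): the selection order from the commit message written out in C, with the review's missing-file case falling through to binary detection instead of skipping it. Function names, the `bin` and `dirs` parameters, and the quoted-value config syntax are assumptions.

```c
/* Added example: firewall backend selection with a missing-file fallback.
 * Not libvirt source; every name below is hypothetical. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Return 1 if an executable called `name` exists in any of `dirs`. */
static int find_binary(const char *name, const char *const *dirs)
{
    char path[512];
    for (; *dirs; dirs++) {
        snprintf(path, sizeof(path), "%s/%s", *dirs, name);
        if (access(path, X_OK) == 0)
            return 1;
    }
    return 0;
}

/* Returns the backend name, or NULL when driver startup must fail.
 * `bin` is a parameter only so the probe can be exercised on a host
 * without iptables; real use passes "iptables". */
const char *select_backend(const char *conf, const char *bin,
                           const char *const *dirs)
{
    char line[256], val[32] = "";
    FILE *fp = fopen(conf, "r");
    if (fp) {                       /* an absent file is not an error */
        while (fgets(line, sizeof(line), fp))
            if (sscanf(line, " firewall_backend = \"%31[^\"]\"", val) == 1)
                break;
        fclose(fp);
    }
    /* No early return above: detection runs for "file missing"
     * exactly as it does for "key not set". */
    if (val[0])   /* explicit setting, taken as-is (assumption) */
        return strcmp(val, "iptables") == 0 ? "iptables" : NULL;
    if (find_binary(bin, dirs))
        return "iptables";
    fprintf(stderr, "no usable firewall backend found\n");
    return NULL;
}

int main(void)
{
    const char *dirs[] = { "/usr/sbin", "/sbin", "/usr/bin", "/bin", NULL };
    const char *b = select_backend("/etc/libvirt/network.conf", "iptables", dirs);
    printf("firewall backend: %s\n", b ? b : "(none, driver startup fails)");
    return b ? 0 : 1;
}
```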