On 5/2/24 8:20 AM, Daniel P. Berrangé wrote:
On Tue, Apr 30, 2024 at 01:44:01PM -0400, Laine Stump wrote:It still can have only one useful value ("iptables"), but once a 2nd value is supported, it will be selectable by setting "firewall_backend=nftables" in /etc/libvirt/network.conf. If firewall_backend isn't set in network.conf, then libvirt will check to see if the iptables binary is present on the system and set firewallBackend to iptables - if no iptables binary is found, that is considered a fatal error (since no networks can be started anyway), so an error is logged and startup of the network driver fails. NB: network.conf is itself created from network.conf.in at build time, and the advertised default setting of firewall_backend (in a commented out line) is set from the meson_options.txt setting "firewall_backend". This way the conf file will have correct information no matter what default backend is chosen at build time. Signed-off-by: Laine Stump <laine@xxxxxxxxxx> Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>I didn't give a R-B for this patch,
Oops! Sorry for the misrepresentation! I put in the R-B's back in V3 with a script that added it to all the patches on the branch (since there were more approved than not approved, that was quickest), and then manually removed it from all of them that you hadn't approved by doing a "git rebase -i master" and going through the list marking all the unapproved patches with "r"; I messed this one up somehow, hopefully not by getting off-by-one somewhere in the sequence and leaving the wrong patches with R-B :-/. I guess I need to go back and check all of them again.
and this still has the problem I pointed out in v3, where if the network.conf does not exist on disk at all, the backend detction logic doesn't run.
Ah, yes, I completely forgot to put that one in my list of things to fix this time!
_______________________________________________ Devel mailing list -- devel@xxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxx
