On Thu, May 02, 2024 at 01:05:37PM -0400, Laine Stump wrote:
> On 5/2/24 8:20 AM, Daniel P. Berrangé wrote:
> > On Tue, Apr 30, 2024 at 01:44:01PM -0400, Laine Stump wrote:
> > > It still can have only one useful value ("iptables"), but once a 2nd
> > > value is supported, it will be selectable by setting
> > > "firewall_backend=nftables" in /etc/libvirt/network.conf.
> > >
> > > If firewall_backend isn't set in network.conf, then libvirt will check
> > > to see if the iptables binary is present on the system and set
> > > firewallBackend to iptables - if no iptables binary is found, that is
> > > considered a fatal error (since no networks can be started anyway), so
> > > an error is logged and startup of the network driver fails.
> > >
> > > NB: network.conf is itself created from network.conf.in at build time,
> > > and the advertised default setting of firewall_backend (in a commented
> > > out line) is set from the meson_options.txt setting
> > > "firewall_backend". This way the conf file will have correct
> > > information no matter what default backend is chosen at build time.
> > >
> > > Signed-off-by: Laine Stump <laine@xxxxxxxxxx>
> > > Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> >
> > I didn't give a R-B for this patch,
>
> Oops! Sorry for the misrepresentation! I put in the R-B's back in V3 with a
> script that added it to all the patches on the branch (since there were more
> approved than not approved, that was quickest), and then manually removed it
> from all of them that you hadn't approved by doing a "git rebase -i master"
> and going through the list marking all the unapproved patches with "r"; I
> messed this one up somehow, hopefully not by getting off-by-one somewhere in
> the sequence and leaving the wrong patches with R-B :-/. I guess I need to
> go back and check all of them again.
Don't worry about it - the rest looks fnie.
> > and this still
> > has the problem I pointed out in v3, where if the
> > network.conf does not exist on disk at all, the
> > backend detction logic doesn't run.
>
> Ah, yes, I completely forgot to put that one in my list of things to fix
> this time!
>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
_______________________________________________
Devel mailing list -- devel@xxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxx
