In the case that a new version of libvirt is started that uses different rules to build the network firewall, we need to re-save the status so that when the network is destroyed (or the *next* time libvirt is restarted and wants to remove/re-add the firewall), it will have the proper information to perform the firewall removal. Signed-off-by: Laine Stump <laine@xxxxxxxxxx> Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> --- src/conf/virnetworkobj.c | 1 + src/network/bridge_driver.c | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/conf/virnetworkobj.c b/src/conf/virnetworkobj.c index f5db4c5804..19305798cb 100644 --- a/src/conf/virnetworkobj.c +++ b/src/conf/virnetworkobj.c @@ -834,6 +834,7 @@ virNetworkObjSaveStatus(const char *statusDir, int flags = 0; g_autofree char *xml = NULL; + VIR_DEBUG("Writing network status to disk"); if (!(xml = virNetworkObjFormat(obj, xmlopt, flags))) return -1; diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 1b4c5aedf2..53a896feb9 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -1686,6 +1686,7 @@ networkReloadFirewallRulesHelper(virNetworkObj *obj, VIR_LOCK_GUARD lock = virObjectLockGuard(obj); virNetworkDef *def = virNetworkObjGetDef(obj); virFirewall *fwRemoval = NULL; + bool saveStatus = false; if (virNetworkObjIsActive(obj)) { switch ((virNetworkForwardType) def->forward.type) { @@ -1700,6 +1701,7 @@ networkReloadFirewallRulesHelper(virNetworkObj *obj, networkRemoveFirewallRules(obj); ignore_value(networkAddFirewallRules(def, cfg->firewallBackend, &fwRemoval)); virNetworkObjSetFwRemoval(obj, fwRemoval); + saveStatus = true; break; case VIR_NETWORK_FORWARD_OPEN: @@ -1717,6 +1719,11 @@ networkReloadFirewallRulesHelper(virNetworkObj *obj, } } + if (saveStatus) { + ignore_value(virNetworkObjSaveStatus(cfg->stateDir, obj, + network_driver->xmlopt)); + } + return 0; } @@ -2366,7 +2373,6 @@ networkStartNetwork(virNetworkDriverState *driver, /* Persist the live configuration now that anything autogenerated * is setup. */ - VIR_DEBUG("Writing network status to disk"); if (virNetworkObjSaveStatus(cfg->stateDir, obj, network_driver->xmlopt) < 0) goto cleanup; -- 2.45.0