On Fri, Jun 11, 2010 at 10:41:50AM -0400, Stefan Berger wrote:
> This patch adds an optional XML attribute to a nwfilter rule to give the
> user control over whether the rule is supposed to be using the match
> target or not. A rule may now look as follows with the nomatch
> attribute either having value '1' or 'true' (case-insensitive).
>
> [...]
> <rule action='accept' direction='in' nomatch='true'>

Having inverted boolean flags is a little weird. Can't this be written
as match=false instead?

>   <tcp srcmacaddr='1:2:3:4:5:6'
>        srcipaddr='10.1.2.3' srcipmask='32'
>        dscp='33'
>        srcportstart='20' srcportend='21'
>        dstportstart='100' dstportend='1111'/>
> </rule>
> [...]
>
> I am also extending the nwfilter schema and adding this attribute to a test
> case.

I'm not sure I really understand what this is doing. Can you give a
quick example of what the iptables command looks like, with and
without the nomatch attribute set?

Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|