On 09/23/2010 09:53 AM, Stefan Berger wrote:
The patch below reports a warning in the log if the generated ip(6)tables rules would not be effective due to the proc filesystem entries /proc/sys/net/bridge/bridge-nf-call-iptables /proc/sys/net/bridge/bridge-nf-call-ip6tables containing a '0'. The warning tells the user what to do. I am rate-limiting the warning message to appear only every 10 seconds.
ACK; looks like a reasonable way to warn about the issue, leaving the resolution in the user's hands to either update the kernel state or rewrite their nwfilter rules to not rely on iptables.
-- Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list