[PATCH] nwfilter: also purge ip(6)tables rules before detecting IP address

Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> · Tue, 16 Nov 2010 07:29:01 -0500

Rather than only cleaning any remaining ebtables rules, also clean those 
applied to iptables and ip6tables when detecting the IP address of an 
interface. Previous applied iptables rules may hinder DHCP packets.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>

---
 src/nwfilter/nwfilter_ebiptables_driver.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================

--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -117,6 +117,7 @@ static int ebtablesRemoveBasicRules(cons
 static int ebiptablesDriverInit(void);
 static void ebiptablesDriverShutdown(void);
 static int ebtablesCleanAll(const char *ifname);
+static int ebiptablesAllTeardown(const char *ifname);

 static virMutex execCLIMutex;

@@ -2942,7 +2943,7 @@ ebtablesApplyBasicRules(const char *ifna

     virFormatMacAddr(macaddr, macaddr_str);

-    ebtablesCleanAll(ifname);
+    ebiptablesAllTeardown(ifname);

     ebtablesCreateTmpRootChain(&buf, 1, ifname, 1);

@@ -3041,7 +3042,7 @@ ebtablesApplyDHCPOnlyRules(const char *i

     virFormatMacAddr(macaddr, macaddr_str);

-    ebtablesCleanAll(ifname);
+    ebiptablesAllTeardown(ifname);

     ebtablesCreateTmpRootChain(&buf, 1, ifname, 1);
     ebtablesCreateTmpRootChain(&buf, 0, ifname, 1);
@@ -3143,7 +3144,7 @@ ebtablesApplyDropAllRules(const char *if
         return 1;
     }

-    ebtablesCleanAll(ifname);
+    ebiptablesAllTeardown(ifname);

     ebtablesCreateTmpRootChain(&buf, 1, ifname, 1);
     ebtablesCreateTmpRootChain(&buf, 0, ifname, 1);

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list





