On 10/19/2011 01:51 AM, Daniel P. Berrange wrote:
On Tue, Oct 18, 2011 at 12:55:25PM -0700, David L Stevens wrote:
This patch adds support for "continue" and "return" actions
in filter rules.
Signed-off-by: David L Stevens<dlstevens@xxxxxxxxxx>
ACK
Though it'd be good to update docs/nwfilter.html.in too to mention this
I'm squashing in this, so they are at least documented, but I didn't
know how to work them into an example, so further content updates from
you would be helpful. I also added you to AUTHORS; let me know if any
spelling updates are needed.
diff --git i/docs/formatnwfilter.html.in w/docs/formatnwfilter.html.in
index 8df4a93..5e9daea 100644
--- i/docs/formatnwfilter.html.in
+++ w/docs/formatnwfilter.html.in
@@ -258,11 +258,19 @@
</p>
<ul>
<li>
- action -- mandatory; must either be <code>drop</code>,
- <code>reject</code><span class="since">(since 0.9.0)</span>,
- or <code>accept</code> if
- the evaluation of the filtering rule is supposed to drop,
- reject (using ICMP message), or accept a packet
+ action -- mandatory; must either be <code>drop</code>
+ (matching the rule silently discards the packet with no
+ further analysis),
+ <code>reject</code> (matching the rule generates an ICMP
+ reject message with no further analysis) <span class="since">(since
+ 0.9.0)</span>, <code>accept</code> (matching the rule accepts
+ the packet with no further analysis), <code>return</code>
+ (matching the rule passes this filter, but returns control to
+ the calling filter for further
+ analysis) <span class="since">(since 0.9.7)</span>,
+ or <code>continue<code> (matching the rule goes on to the next
+ rule for further analysis) <span class="since">(since
+ 0.9.7)</span>.
</li>
<li>
direction -- mandatory; must either be <code>in</code>,
<code>out</code> or
--
Eric Blake eblake@xxxxxxxxxx +1-801-349-2682
Libvirt virtualization library http://libvirt.org
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list