Add the -n flag to the iptables command where it is missing to avoid delays due to name resolution. --- scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall | 9 +++++---- scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall | 8 ++++---- scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall | 8 ++++---- 3 files changed, 13 insertions(+), 12 deletions(-) Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall @@ -24,7 +24,8 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 -#iptables -L FORWARD --line-number | grep libvirt -1 libvirt-in all -- anywhere anywhere -2 libvirt-out all -- anywhere anywhere -3 libvirt-in-post all -- anywhere anywhere +#iptables -L FORWARD -n --line-number | grep libvirt +1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 +2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 +3 libvirt-in-post all -- 0.0.0.0/0 0.0.0.0/0 + Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall @@ -42,10 +42,10 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 -#iptables -L FORWARD --line-number | grep libvirt -1 libvirt-in all -- anywhere anywhere -2 libvirt-out all -- anywhere anywhere -3 libvirt-in-post all -- anywhere anywhere +#iptables -L FORWARD -n --line-number | grep libvirt +1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 +2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 +3 libvirt-in-post all -- 0.0.0.0/0 0.0.0.0/0 #ebtables -t nat -L PREROUTING | grep vnet0 | grep -v "^Bridge" | grep -v "^$" -i vnet0 -j libvirt-I-vnet0 #ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep -v "^$" Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall @@ -27,8 +27,8 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 -#iptables -L FORWARD --line-number | grep libvirt -1 libvirt-in all -- anywhere anywhere -2 libvirt-out all -- anywhere anywhere -3 libvirt-in-post all -- anywhere anywhere +#iptables -L FORWARD -n --line-number | grep libvirt +1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 +2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 +3 libvirt-in-post all -- 0.0.0.0/0 0.0.0.0/0 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list