Follow the changes to the clean-traffic filter to pass the nwfilter tests.
---
 scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat | 33 +++++++----------
 1 file changed, 15 insertions(+), 18 deletions(-)
Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat
+++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat
@@ -3,34 +3,31 @@
 #ebtables -t nat -L POSTROUTING | grep vnet0 | grep -v "^Bridge" | grep -v "^$"
 -o vnet0 -j libvirt-O-vnet0
 #ebtables -t nat -L libvirt-I-vnet0 | grep -v "^Bridge" | grep -v "^$"
--p IPv4 -j I-vnet0-ipv4
--p ARP -j I-vnet0-arp
+-j I-vnet0-mac
+-p IPv4 -j I-vnet0-ipv4-ip
+-p IPv4 -j ACCEPT
+-p ARP -j I-vnet0-arp-mac
+-p ARP -j I-vnet0-arp-ip
+-p ARP -j ACCEPT
 -p 0x8035 -j I-vnet0-rarp
 -p 0x835 -j ACCEPT
 -j DROP
 #ebtables -t nat -L libvirt-O-vnet0 | grep -v "^Bridge" | grep -v "^$"
 -p IPv4 -j O-vnet0-ipv4
--p ARP -j O-vnet0-arp
+-p ARP -j ACCEPT
 -p 0x8035 -j O-vnet0-rarp
 -j DROP
-#ebtables -t nat -L I-vnet0-ipv4 | grep -v "^Bridge" | grep -v "^$"
--s ! 52:54:0:9f:33:da -j DROP
--p IPv4 --ip-src ! 10.1.1.1 -j DROP
+#ebtables -t nat -L I-vnet0-ipv4-ip | grep -v "^Bridge" | grep -v "^$"
+-p IPv4 --ip-src 0.0.0.0 --ip-proto udp --ip-sport 68 -j ACCEPT
+-p IPv4 --ip-src 10.1.1.1 -j RETURN
+-j DROP
 #ebtables -t nat -L O-vnet0-ipv4 | grep -v "^Bridge" | grep -v "^$"
 -j ACCEPT
-#ebtables -t nat -L I-vnet0-arp | grep -v "^Bridge" | grep -v "^$"
--s ! 52:54:0:9f:33:da -j DROP
--p ARP --arp-mac-src ! 52:54:0:9f:33:da -j DROP
--p ARP --arp-ip-src ! 10.1.1.1 -j DROP
--p ARP --arp-op Request -j ACCEPT
--p ARP --arp-op Reply -j ACCEPT
+#ebtables -t nat -L I-vnet0-arp-mac | grep -v "^Bridge" | grep -v "^$"
+-p ARP --arp-mac-src 52:54:0:9f:33:da -j RETURN
 -j DROP
-#ebtables -t nat -L O-vnet0-arp | grep -v "^Bridge" | grep -v "^$"
--p ARP --arp-gratuitous -j ACCEPT
--p ARP --arp-op Reply --arp-mac-dst ! 52:54:0:9f:33:da -j DROP
--p ARP --arp-ip-dst ! 10.1.1.1 -j DROP
--p ARP --arp-op Request -j ACCEPT
--p ARP --arp-op Reply -j ACCEPT
+#ebtables -t nat -L I-vnet0-arp-ip | grep -v "^Bridge" | grep -v "^$"
+-p ARP --arp-ip-src 10.1.1.1 -j RETURN
 -j DROP
 #ip6tables -L FI-vnet0 -n
 Chain FI-vnet0 (1 references)
-- 
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
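Review bot: The expected output no longer asserts the Ethernet-level MAC anti-spoofing rule anywhere: the `-s ! 52:54:0:9f:33:da -j DROP` entries are dropped from the old I-vnet0-ipv4 and I-vnet0-arp listings, and the new `-j I-vnet0-mac` chain that libvirt-I-vnet0 now jumps to first has no `#ebtables -t nat -L I-vnet0-mac` section in this hunk, so unless that listing exists elsewhere in the file the test stops checking that a guest with a forged source MAC is dropped. If the filter now generates a source-MAC chain in the same RETURN-then-DROP shape as the new arp-mac and arp-ip chains, I would add its listing here, e.g. `#ebtables -t nat -L I-vnet0-mac | grep -v "^Bridge" | grep -v "^$"` followed by `-s 52:54:0:9f:33:da -j RETURN` and `-j DROP`, adjusted to whatever libvirt actually emits. Separately, the new DHCP exception `-p IPv4 --ip-src 0.0.0.0 --ip-proto udp --ip-sport 68 -j ACCEPT` is matched on source address and source port only, which accepts any UDP the guest sends from 0.0.0.0:68 regardless of destination; that is a property of the clean-traffic filter rather than of this data file, but this line is where a tighter rule (for instance an added `--ip-dport 67`) would need to be reflected.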