When only iptables rules are created, two unnecessary ebtables chains
are created as well. This patch fixes that.
The chains were nevertheless cleaned up properly when the interface
disappeared.
---
src/nwfilter/nwfilter_ebiptables_driver.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
Index: libvirt-iterator/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-iterator.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-iterator/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -3622,10 +3622,12 @@ ebiptablesApplyNewRules(const char *ifna
NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
/* create needed chains */
- if (ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_in_set , 1,
- &ebtChains, &nEbtChains) < 0 ||
- ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_out_set, 0,
- &ebtChains, &nEbtChains) < 0) {
+ if ((virHashSize(chains_in_set) > 0 &&
+ ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_in_set , 1,
+ &ebtChains, &nEbtChains) < 0) ||
+ (virHashSize(chains_out_set) > 0 &&
+ ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_out_set, 0,
+ &ebtChains, &nEbtChains) < 0)) {
goto tear_down_tmpebchains;
}
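Review bot: The new `virHashSize(...) > 0` guards in the condition treat a negative return the same as an empty set, so if virHashSize reports an error (as far as I recall it returns -1 for a NULL table) the temporary root chain is silently skipped and the function carries on as if that direction needed no ebtables rules. For a traffic filter that is the fail-open direction, so I would reject it explicitly before this `if`, e.g. `if (virHashSize(chains_in_set) < 0 || virHashSize(chains_out_set) < 0) goto tear_down_tmpebchains;`. The comment above the condition could also say why the calls are now conditional: `/* create tmp root and sub chains only for directions that have ebtables rules */`. The rest of ebiptablesApplyNewRules lies outside the hunk, so whether later steps that reference the temporary root chains tolerate a chain that was never created cannot be confirmed from here.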