On Tue, Apr 24, 2012 at 10:20:32AM -0400, Stefan Berger wrote:
> On 04/23/2012 05:11 PM, Thomas Woerner wrote:
> >Add support for firewalld
> >
> >* bridge_driver, nwfilter_driver: new dbus filters to get FirewallD1.Reloaded
> >  signal and DBus.NameOwnerChanged on org.fedoraproject.FirewallD1
> >* iptables, ebtables, nwfilter_ebiptables_driver: use firewall-cmd direct
> >  passthrough interface
>
> After some more massaging of the nwfilter code, my suggestion would
> now be to split this patch up into two parts, one touching the
> nwfilter driver, the other (1st) part for the rest. I did a lot of
> changes in the nwfilter driver that I can send you and you may want
> to merge or I can merge it with your nwfilter-related code changes.
>
> It seems to be working when using the firewall-cmd, but
> unfortunately running the TCK test suite for example is like 8 times
> slower when using firewalld. Also the VM startup times have
> significantly increased. :-((

I wonder if that would be improved by making DBus calls directly
to firewalld, instead of invoking firewalld-cmd all the time.
The latter is unquestionably inefficient compared to DBus calls,
but it'd be interesting to know if that's really what's causing
the x8 slowdown.

> Is this scheduled to be included in the next libvirt release? I
> guess architecturally it also is needed for FC 17, so is the plan
> then to include the latest version of libvirt with firewalld support
> in FC17?

The libvirt in Fedora 17 is frozen at this point. So if we did
include this, it'd be cherry-picking backports.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|