Re: [PATCH] util: refactor iptables command construction into multiple steps

On Thu, 22 Nov 2012 15:02:18 +0100
Natanael Copa <ncopa@xxxxxxxxxxxxxxx> wrote:

> Instead of creating an iptables command in one shot, do it in steps
> so we can add conditional options like physdev and protocol.
> 
> This removes code duplication while keeping existing behaviour.
> 
> Signed-off-by: Natanael Copa <ncopa@xxxxxxxxxxxxxxx>
> ---
> 
> This started with me wanting to add support for setting the public ip source
> address when network mode='nat' and there are multiple public ip addresses
> on the external interface.
> 
> On IRC we talked about adding an option in the xml like this:
> <network>
>   <forward mode='nat' publicaddr='n.n.n.n'/>
> </network>
> 
> Which would make iptables use '-j SNAT --to-source n.n.n.n' instead of
> '-j MASQUERADE'.
> 
> However with the current approach we would need to construct 8 different
> iptables command combinations, hence the need for refactoring.

I forgot to add that I haven't tested if the code runs.

-nc

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

