Follow recent changes in libvirt and add --physdev-is-bridged to test cases where needed. --- scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall | 8 ++++---- scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall | 8 ++++---- scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/ipset-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/ipt-no-macspoof-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/iter-test2.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/iter-test3.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat | 4 ++-- scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall | 2 +- scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall | 2 +- 31 files changed, 38 insertions(+), 38 deletions(-) Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall @@ -25,4 +25,4 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma #ip6tables -L libvirt-in-post -n | grep vnet0 ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in vnet0 #ip6tables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ah-test.fwall @@ -23,4 +23,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall @@ -25,7 +25,7 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma #ip6tables -L libvirt-in-post -n | grep vnet0 ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in vnet0 #ip6tables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #ip6tables -L FORWARD --line-number | grep libvirt 1 libvirt-in all anywhere anywhere 2 libvirt-out all anywhere anywhere Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/all-test.fwall @@ -23,7 +23,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #iptables -L FORWARD -n --line-number | grep libvirt 1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall @@ -27,7 +27,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #ip6tables -L FI-vnet0 -n Chain FI-vnet0 (1 references) target prot opt source destination @@ -56,7 +56,7 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma #ip6tables -L libvirt-in-post -n | grep vnet0 ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in vnet0 #ip6tables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #iptables -L libvirt-host-in -n | grep vnet0 | tr -s " " HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-in -n | grep vnet0 | tr -s " " @@ -64,7 +64,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #ip6tables -L INPUT -n --line-numbers | grep libvirt 1 libvirt-host-in all ::/0 ::/0 #ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " " @@ -74,4 +74,4 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma #ip6tables -L libvirt-in-post -n | grep vnet0 ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in vnet0 #ip6tables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/conntrack-test.fwall @@ -21,4 +21,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall @@ -25,4 +25,4 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma #ip6tables -L libvirt-in-post -n | grep vnet0 ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in vnet0 #ip6tables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/esp-test.fwall @@ -23,4 +23,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall @@ -27,7 +27,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #ip6tables -L FI-vnet0 -n Chain FI-vnet0 (1 references) target prot opt source destination @@ -47,7 +47,7 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma #ip6tables -L libvirt-in-post -n | grep vnet0 ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in vnet0 #ip6tables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #iptables -L libvirt-host-in -n | grep vnet0 | tr -s " " HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-in -n | grep vnet0 | tr -s " " @@ -55,7 +55,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #ip6tables -L INPUT -n --line-numbers | grep libvirt 1 libvirt-host-in all ::/0 ::/0 #ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " " @@ -65,4 +65,4 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma #ip6tables -L libvirt-in-post -n | grep vnet0 ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in vnet0 #ip6tables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction-test.fwall @@ -20,4 +20,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction2-test.fwall @@ -20,4 +20,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-direction3-test.fwall @@ -20,4 +20,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmp-test.fwall @@ -20,4 +20,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall @@ -22,5 +22,5 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma #ip6tables -L libvirt-in-post -n | grep vnet0 ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in vnet0 #ip6tables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/igmp-test.fwall @@ -23,4 +23,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ipset-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/ipset-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ipset-test.fwall @@ -32,7 +32,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #ebtables -t nat -L libvirt-O-vnet0 2>/dev/null | grep -v "table:" | grep -v "^$" #ebtables -t nat -L libvirt-I-vnet0 2>/dev/null | grep -v "table:" | grep -v "^$" #ebtables -t nat -L PREROUTING | grep vnet0 Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ipt-no-macspoof-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/ipt-no-macspoof-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/ipt-no-macspoof-test.fwall @@ -16,4 +16,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test1.fwall @@ -23,7 +23,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #iptables -L FORWARD -n --line-number | grep libvirt 1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test2.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/iter-test2.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test2.fwall @@ -185,7 +185,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #iptables -L FORWARD -n --line-number | grep libvirt 1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test3.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/iter-test3.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/iter-test3.fwall @@ -29,7 +29,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #iptables -L FORWARD -n --line-number | grep libvirt 1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall @@ -25,7 +25,7 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma #ip6tables -L libvirt-in-post -n | grep vnet0 ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in vnet0 #ip6tables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #ebtables -t nat -L libvirt-O-vnet0 2>/dev/null | grep -v "table:" | grep -v "^$" #ebtables -t nat -L libvirt-I-vnet0 2>/dev/null | grep -v "table:" | grep -v "^$" #ebtables -t nat -L PREROUTING | grep vnet0 Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/sctp-test.fwall @@ -23,7 +23,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #ebtables -t nat -L libvirt-O-vnet0 2>/dev/null | grep -v "table:" | grep -v "^$" #ebtables -t nat -L libvirt-I-vnet0 2>/dev/null | grep -v "table:" | grep -v "^$" #ebtables -t nat -L PREROUTING | grep vnet0 Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test.fwall @@ -41,7 +41,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #iptables -L FORWARD -n --line-number | grep libvirt 1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/target-test2.fwall @@ -26,7 +26,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #iptables -L FORWARD -n --line-number | grep libvirt 1 libvirt-in all -- 0.0.0.0/0 0.0.0.0/0 2 libvirt-out all -- 0.0.0.0/0 0.0.0.0/0 Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall @@ -25,7 +25,7 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma #ip6tables -L libvirt-in-post -n | grep vnet0 ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in vnet0 #ip6tables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #ebtables -t nat -L libvirt-O-vnet0 2>/dev/null | grep -v "table:" | grep -v "^$" #ebtables -t nat -L libvirt-I-vnet0 2>/dev/null | grep -v "table:" | grep -v "^$" #ebtables -t nat -L PREROUTING | grep vnet0 Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall @@ -27,7 +27,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #ebtables -t nat -L libvirt-O-vnet0 2>/dev/null | grep -v "table:" | grep -v "^$" #ebtables -t nat -L libvirt-I-vnet0 2>/dev/null | grep -v "table:" | grep -v "^$" #ebtables -t nat -L PREROUTING | grep vnet0 Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/testvm.fwall.dat @@ -48,7 +48,7 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma #ip6tables -L libvirt-in-post -n | grep vnet0 ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in vnet0 #ip6tables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #iptables -L FI-vnet0 -n Chain FI-vnet0 (1 references) target prot opt source destination @@ -68,4 +68,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall @@ -25,7 +25,7 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma #ip6tables -L libvirt-in-post -n | grep vnet0 ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in vnet0 #ip6tables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #ebtables -t nat -L libvirt-O-vnet0 2>/dev/null | grep -v "table:" | grep -v "^$" #ebtables -t nat -L libvirt-I-vnet0 2>/dev/null | grep -v "table:" | grep -v "^$" #ebtables -t nat -L PREROUTING | grep vnet0 Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udp-test.fwall @@ -23,7 +23,7 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged #ebtables -t nat -L libvirt-O-vnet0 2>/dev/null | grep -v "table:" | grep -v "^$" #ebtables -t nat -L libvirt-I-vnet0 2>/dev/null | grep -v "table:" | grep -v "^$" #ebtables -t nat -L PREROUTING | grep vnet0 Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall @@ -25,4 +25,4 @@ FI-vnet0 all ::/0 ::/0 [goto] PHYSDEV ma #ip6tables -L libvirt-in-post -n | grep vnet0 ACCEPT all ::/0 ::/0 PHYSDEV match --physdev-in vnet0 #ip6tables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/udplite-test.fwall @@ -23,4 +23,4 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [got #iptables -L libvirt-in-post -n | grep vnet0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0 #iptables -L libvirt-out -n | grep vnet0 | tr -s " " -FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 +FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list