static void
@@ -4248,46 +4271,31 @@ ebiptablesTearNewRules(const char *ifname)
static int
ebiptablesTearOldRules(const char *ifname)
{
- virBuffer buf = VIR_BUFFER_INITIALIZER;
-
- /* switch to new iptables user defined chains */
- if (iptables_cmd_path) {
- NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
-
- iptablesUnlinkRootChains(&buf, ifname);
- iptablesRemoveRootChains(&buf, ifname);
-
- iptablesRenameTmpRootChains(&buf, ifname);
- ebiptablesExecCLI(&buf, true, NULL);
- }
-
- if (ip6tables_cmd_path) {
- NWFILTER_SET_IP6TABLES_SHELLVAR(&buf);
-
- iptablesUnlinkRootChains(&buf, ifname);
- iptablesRemoveRootChains(&buf, ifname);
-
- iptablesRenameTmpRootChains(&buf, ifname);
- ebiptablesExecCLI(&buf, true, NULL);
- }
-
- if (ebtables_cmd_path) {
- NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
-
- ebtablesUnlinkRootChain(&buf, true, ifname);
- ebtablesUnlinkRootChain(&buf, false, ifname);
+ virFirewallPtr fw = virFirewallNew();
+ int ret = -1;
- ebtablesRemoveSubChains(&buf, ifname);
+ virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
- ebtablesRemoveRootChain(&buf, true, ifname);
- ebtablesRemoveRootChain(&buf, false, ifname);
+ iptablesUnlinkRootChainsFW(fw, VIR_FIREWALL_LAYER_IPV4, ifname);
+ iptablesRemoveRootChainsFW(fw, VIR_FIREWALL_LAYER_IPV4, ifname);
+ iptablesRenameTmpRootChainsFW(fw, VIR_FIREWALL_LAYER_IPV4, ifname);
- ebtablesRenameTmpSubAndRootChains(&buf, ifname);
+ iptablesUnlinkRootChainsFW(fw, VIR_FIREWALL_LAYER_IPV6, ifname);
+ iptablesRemoveRootChainsFW(fw, VIR_FIREWALL_LAYER_IPV6, ifname);
+ iptablesRenameTmpRootChainsFW(fw, VIR_FIREWALL_LAYER_IPV6, ifname);
- ebiptablesExecCLI(&buf, true, NULL);
- }
+ ebtablesUnlinkRootChainFW(fw, true, ifname);
+ ebtablesUnlinkRootChainFW(fw, false, ifname);
+ ebtablesRemoveSubChainsFW(fw, ifname);
+ ebtablesRemoveRootChainFW(fw, true, ifname);
+ ebtablesRemoveRootChainFW(fw, false, ifname);
+ ebtablesRenameTmpSubAndRootChainsFW(fw, ifname);
- return 0;
+ virMutexLock(&execCLIMutex);
+ ret = virFirewallApply(fw);
+ virMutexUnlock(&execCLIMutex);
+ virFirewallFree(fw);
+ return ret;
}