[libvirt] [PATCH] nwfilter: enable rejection of packets

Stefan Berger stefanb at linux.vnet.ibm.com
Sat Feb 19 01:28:44 UTC 2011


On 02/18/2011 11:48 AM, Laine Stump wrote:
> On 02/18/2011 09:56 AM, Stefan Berger wrote:
>> This patch adds the possibility to not just drop packets, but to also 
>> have them rejected where iptables at least sends an ICMP msg back to 
>> the originator. On ebtables this again maps into dropping packets 
>> since rejecting is not supported.
>>
>> I am adding 'since 0.8.9' to the docs assuming this will be the next 
>> version of libvirt.
>>
>> Signed-off-by: Stefan Berger <stefanb at us.ibm.com>
>>
>> ---
>>  docs/formatnwfilter.html.in               |    8 +++++---
>>  docs/schemas/nwfilter.rng                 |    1 +
>>  src/conf/nwfilter_conf.c                  |    6 ++++--
>>  src/conf/nwfilter_conf.h                  |    1 +
>>  src/nwfilter/nwfilter_ebiptables_driver.c |   15 +++++++++++++--
>>  5 files changed, 24 insertions(+), 7 deletions(-)
>
> ACK. I haven't run it, but it all looks reasonable.
>
Thanks. Pushed.

    Stefan




More information about the libvir-list mailing list