Re: [libvirt] [PATCH] Add support for firewalld

On 04/23/2012 05:11 PM, Thomas Woerner wrote:
Add support for firewalld

* bridge_driver, nwfilter_driver: new dbus filters to get FirewallD1.Reloaded
   signal and DBus.NameOwnerChanged on org.fedoraproject.FirewallD1
* iptables, ebtables, nwfilter_ebiptables_driver: use firewall-cmd direct
   passthrough interface

After some more massaging of the nwfilter code, my suggestion would now be to split this patch up into two parts, one touching the nwfilter driver, the other (1st) part for the rest. I did a lot of changes in the nwfilter driver that I can send you and you may want to merge or I can merge it with your nwfilter-related code changes.

It seems to be working when using the firewall-cmd, but unfortunately running the TCK test suite for example is like 8 times slower when using firewalld. Also the VM startup times have significantly increased. :-((

Is this scheduled to be included in the next libvirt release ? I guess architecturally it also is needed for FC 17, so is the plan then to include the latest version of libvirt with firewalld support in FC17?


