Re: [libvirt] [PATCH] bugfix: ip6tables rule removal



On 10/30/2012 03:18 PM, Gene Czarcinski wrote:
> Three FORWARD chain rules are added and two INPUT chain rules
> are added when a network is started but only the FORWARD chain
> rules are removed when the network is destroyed.
> ---
>  src/network/bridge_driver.c | 2 ++
>  1 file changed, 2 insertions(+)

ACK and pushed.

> 
> diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
> index f814f6f..3dbf009 100644
> --- a/src/network/bridge_driver.c
> +++ b/src/network/bridge_driver.c
> @@ -1578,6 +1578,8 @@ networkRemoveGeneralIp6tablesRules(struct network_driver *driver,
>      if (!virNetworkDefGetIpByIndex(network->def, AF_INET6, 0))
>          return;
>  
> +    iptablesRemoveUdpInput(driver->iptables, AF_INET6, network->def->bridge, 53);
> +    iptablesRemoveTcpInput(driver->iptables, AF_INET6, network->def->bridge, 53);
>      iptablesRemoveForwardAllowCross(driver->iptables, AF_INET6, network->def->bridge);
>      iptablesRemoveForwardRejectIn(driver->iptables, AF_INET6, network->def->bridge);
>      iptablesRemoveForwardRejectOut(driver->iptables, AF_INET6, network->def->bridge);
> 
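
Review bot: the two added calls in networkRemoveGeneralIp6tablesRules hardcode port 53, and neither the code nor the commit message says that these are the DNS INPUT rules. A short comment above the `iptablesRemoveUdpInput` / `iptablesRemoveTcpInput` lines, or a named constant shared with the code that adds the rules, would keep the add and remove paths from drifting apart again. The commit message could also state the effect of the bug: INPUT rules accepting traffic to port 53 on the bridge stayed in ip6tables after the network was destroyed. Since the removals sit behind the `virNetworkDefGetIpByIndex(network->def, AF_INET6, 0)` early return, it is worth confirming that the add path inserts the INPUT rules under the same condition, otherwise they can still be left behind.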

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
