[libvirt] [PATCH 11/26] Introduce an object for managing firewall rulesets

Stefan Berger stefanb at linux.vnet.ibm.com
Thu Apr 17 10:34:12 UTC 2014


On 04/08/2014 11:38 AM, Daniel P. Berrange wrote:
> The network and nwfilter drivers both have a need to update
> firewall rules. They currently share no code for interacting
> with iptables / firewalld. The nwfilter driver is fairly
> tied to the concept of creating shell scripts to execute
> which makes it very hard to port to talk to firewalld via
> DBus APIs.
>
> This patch introduces a virFirewallPtr object which is able
> to represent a complete sequence of rule changes, with the
> ability to have multiple transactional checkpoints with
> rollbacks. By formally separating the definition of the rules
> to be applied from the mechanism used to apply them, it is
> also possible to write a firewall engine that uses firewalld
> DBus APIs natively instead of via the slow firewalld-cmd.
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>

You should add this here:

--- ./po/POTFILES.in
+++ ./po/POTFILES.in
@@ -163,7 +163,6 @@
  src/util/virerror.h
  src/util/vireventpoll.c
  src/util/virfile.c
+src/util/virfirewall.c
  src/util/virhash.c
  src/util/virhook.c
  src/util/virhostdev.c
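
Review bot: The line counts in the hunk header `@@ -163,7 +163,6 @@` look swapped. The hunk shows six context lines and one added line (`+src/util/virfirewall.c`), so the old side spans 6 lines and the new side 7, and the header should read `@@ -163,6 +163,7 @@`. As written, a strict patch tool may treat the hunk as malformed, so it is worth regenerating the diff rather than applying it by hand. The placement itself is fine: the new entry sits between `src/util/virfile.c` and `src/util/virhash.c`, which keeps the list in alphabetical order.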

Regards,
    Stefan



