[libvirt] [PATCH tck] Remove /128 from ip6tables output

Mike Latimer mlatimer at suse.com
Thu Mar 27 23:55:06 UTC 2014


Due to iptables commit 945353a2 (in iptables v1.4.20 and higher), ip6tables
no longer prints out /128. This patch removes /128 from output files, and
replaces '/128' in command output with '    ' to remain compatible with
older versions of ip6tables.

---
 scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall        | 24 +++++++++++-----------
 scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall       | 24 +++++++++++-----------
 scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall        | 12 +++++------
 scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall       | 24 +++++++++++-----------
 scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall       | 12 +++++------
 scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall         | 14 ++++++-------
 scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall      | 24 +++++++++++-----------
 scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall       | 24 +++++++++++-----------
 scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall       | 24 +++++++++++-----------
 scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall   | 24 +++++++++++-----------
 10 files changed, 103 insertions(+), 103 deletions(-)

diff --git a/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
index 8c10b04..64db89d 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/ah-ipv6-test.fwall
@@ -1,21 +1,21 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/    /'
 Chain FI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     ah       f:e:d::c:b:a/127     a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN     ah       ::/0                 a:b:c::/128         DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
-RETURN     ah       ::/0                 ::10.1.2.3/128      DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN     ah       f:e:d::c:b:a/127     a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN     ah       ::/0                 a:b:c::             DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN     ah       ::/0                 ::10.1.2.3          DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/    /'
 Chain FO-vnet0 (1 references)
 target     prot opt source               destination         
-ACCEPT     ah       a:b:c::d:e:f/128     f:e:d::c:b:a/127    DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
-ACCEPT     ah       a:b:c::/128          ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
-ACCEPT     ah       ::10.1.2.3/128       ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT     ah       a:b:c::d:e:f         f:e:d::c:b:a/127    DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT     ah       a:b:c::              ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT     ah       ::10.1.2.3           ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/    /'
 Chain HI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     ah       f:e:d::c:b:a/127     a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN     ah       ::/0                 a:b:c::/128         DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
-RETURN     ah       ::/0                 ::10.1.2.3/128      DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN     ah       f:e:d::c:b:a/127     a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN     ah       ::/0                 a:b:c::             DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN     ah       ::/0                 ::10.1.2.3          DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
 #ip6tables -L INPUT -n --line-numbers | grep libvirt
 1    libvirt-host-in  all      ::/0                 ::/0                
 #ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
index f053b39..c56b85a 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/all-ipv6-test.fwall
@@ -1,21 +1,21 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/    /'
 Chain FI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     all      f:e:d::c:b:a/127     a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN     all      ::/0                 a:b:c::/128         DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
-RETURN     all      ::/0                 ::10.1.2.3/128      DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN     all      f:e:d::c:b:a/127     a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN     all      ::/0                 a:b:c::             DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN     all      ::/0                 ::10.1.2.3          DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/    /'
 Chain FO-vnet0 (1 references)
 target     prot opt source               destination         
-ACCEPT     all      a:b:c::d:e:f/128     f:e:d::c:b:a/127    DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
-ACCEPT     all      a:b:c::/128          ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
-ACCEPT     all      ::10.1.2.3/128       ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT     all      a:b:c::d:e:f         f:e:d::c:b:a/127    DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT     all      a:b:c::              ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT     all      ::10.1.2.3           ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/    /'
 Chain HI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     all      f:e:d::c:b:a/127     a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN     all      ::/0                 a:b:c::/128         DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
-RETURN     all      ::/0                 ::10.1.2.3/128      DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN     all      f:e:d::c:b:a/127     a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN     all      ::/0                 a:b:c::             DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN     all      ::/0                 ::10.1.2.3          DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
 #ip6tables -L INPUT -n --line-numbers | grep libvirt
 1    libvirt-host-in  all      ::/0                 ::/0                
 #ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
index 038d2cb..32c5078 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/comment-test.fwall
@@ -28,24 +28,24 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
 ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in vnet0 
 #iptables -L libvirt-out -n | grep vnet0 | tr -s " "
 FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/    /'
 Chain FI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     tcp      ::/0                 a:b:c::/128         DSCP match 0x39 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */
+RETURN     tcp      ::/0                 a:b:c::             DSCP match 0x39 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */
 RETURN     udp      ::/0                 ::/0                state ESTABLISHED ctdir ORIGINAL/* `ls`;${COLUMNS};$(ls);"test";&'3   spaces' */
 RETURN     sctp     ::/0                 ::/0                state ESTABLISHED ctdir ORIGINAL/* comment with lone ', `, ", `, \, $x, and two  spaces */
 RETURN     ah       ::/0                 ::/0                state ESTABLISHED ctdir ORIGINAL/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
-#ip6tables -L FO-vnet0 -n
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/    /'
 Chain FO-vnet0 (1 references)
 target     prot opt source               destination         
-ACCEPT     tcp      a:b:c::/128          ::/0                MAC 01:02:03:04:05:06 DSCP match 0x39 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY/* tcp/ipv6 rule */
+ACCEPT     tcp      a:b:c::              ::/0                MAC 01:02:03:04:05:06 DSCP match 0x39 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY/* tcp/ipv6 rule */
 ACCEPT     udp      ::/0                 ::/0                state NEW,ESTABLISHED ctdir REPLY/* `ls`;${COLUMNS};$(ls);"test";&'3   spaces' */
 ACCEPT     sctp     ::/0                 ::/0                state NEW,ESTABLISHED ctdir REPLY/* comment with lone ', `, ", `, \, $x, and two  spaces */
 ACCEPT     ah       ::/0                 ::/0                state NEW,ESTABLISHED ctdir REPLY/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
-#ip6tables -L HI-vnet0 -n
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/    /'
 Chain HI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     tcp      ::/0                 a:b:c::/128         DSCP match 0x39 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */
+RETURN     tcp      ::/0                 a:b:c::             DSCP match 0x39 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL/* tcp/ipv6 rule */
 RETURN     udp      ::/0                 ::/0                state ESTABLISHED ctdir ORIGINAL/* `ls`;${COLUMNS};$(ls);"test";&'3   spaces' */
 RETURN     sctp     ::/0                 ::/0                state ESTABLISHED ctdir ORIGINAL/* comment with lone ', `, ", `, \, $x, and two  spaces */
 RETURN     ah       ::/0                 ::/0                state ESTABLISHED ctdir ORIGINAL/* tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp} */
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
index dbdaa36..cf3faaa 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/esp-ipv6-test.fwall
@@ -1,21 +1,21 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/    /'
 Chain FI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     esp      f:e:d::c:b:a/127     a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN     esp      ::/0                 a:b:c::/128         DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
-RETURN     esp      ::/0                 ::10.1.2.3/128      DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN     esp      f:e:d::c:b:a/127     a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN     esp      ::/0                 a:b:c::             DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN     esp      ::/0                 ::10.1.2.3          DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/    /'
 Chain FO-vnet0 (1 references)
 target     prot opt source               destination         
-ACCEPT     esp      a:b:c::d:e:f/128     f:e:d::c:b:a/127    DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
-ACCEPT     esp      a:b:c::/128          ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
-ACCEPT     esp      ::10.1.2.3/128       ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT     esp      a:b:c::d:e:f         f:e:d::c:b:a/127    DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT     esp      a:b:c::              ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT     esp      ::10.1.2.3           ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/    /'
 Chain HI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     esp      f:e:d::c:b:a/127     a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN     esp      ::/0                 a:b:c::/128         DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
-RETURN     esp      ::/0                 ::10.1.2.3/128      DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN     esp      f:e:d::c:b:a/127     a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN     esp      ::/0                 a:b:c::             DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN     esp      ::/0                 ::10.1.2.3          DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
 #ip6tables -L INPUT -n --line-numbers | grep libvirt
 1    libvirt-host-in  all      ::/0                 ::/0                
 #ip6tables -L libvirt-host-in -n | grep vnet0 |tr -s " "
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
index 2ed979e..0aaa50c 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/hex-data-test.fwall
@@ -28,18 +28,18 @@ FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
 ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in vnet0 
 #iptables -L libvirt-out -n | grep vnet0 | tr -s " "
 FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/    /'
 Chain FI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     tcp      ::/0                 a:b:c::/128         DSCP match 0x39 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN     tcp      ::/0                 a:b:c::             DSCP match 0x39 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/    /'
 Chain FO-vnet0 (1 references)
 target     prot opt source               destination         
-ACCEPT     tcp      a:b:c::/128          ::/0                MAC 01:02:03:04:05:06 DSCP match 0x39 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT     tcp      a:b:c::              ::/0                MAC 01:02:03:04:05:06 DSCP match 0x39 tcp spts:32:33 dpts:256:4369 state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/    /'
 Chain HI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     tcp      ::/0                 a:b:c::/128         DSCP match 0x39 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
+RETURN     tcp      ::/0                 a:b:c::             DSCP match 0x39 tcp spts:256:4369 dpts:32:33 state ESTABLISHED ctdir ORIGINAL
 #ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
 HI-vnet0 all ::/0 ::/0 [goto] PHYSDEV match --physdev-in vnet0 
 #ip6tables -L libvirt-in -n | grep vnet0 | tr -s " "
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
index 4749f84..b25a0e7 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/icmpv6-test.fwall
@@ -1,16 +1,16 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/    /'
 Chain FI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     icmpv6    f:e:d::c:b:a/127     a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02ipv6-icmp type 12 code 11 state NEW,ESTABLISHED 
-#ip6tables -L FO-vnet0 -n
+RETURN     icmpv6    f:e:d::c:b:a/127     a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02ipv6-icmp type 12 code 11 state NEW,ESTABLISHED 
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/    /'
 Chain FO-vnet0 (1 references)
 target     prot opt source               destination         
-ACCEPT     icmpv6    a:b:c::/128          ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21ipv6-icmp type 255 code 255 state NEW,ESTABLISHED 
-ACCEPT     icmpv6    ::10.1.2.3/128       ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21ipv6-icmp type 255 code 255 state NEW,ESTABLISHED
-#ip6tables -L HI-vnet0 -n
+ACCEPT     icmpv6    a:b:c::              ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21ipv6-icmp type 255 code 255 state NEW,ESTABLISHED 
+ACCEPT     icmpv6    ::10.1.2.3           ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21ipv6-icmp type 255 code 255 state NEW,ESTABLISHED
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/    /'
 Chain HI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     icmpv6    f:e:d::c:b:a/127     a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02ipv6-icmp type 12 code 11 state NEW,ESTABLISHED 
+RETURN     icmpv6    f:e:d::c:b:a/127     a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02ipv6-icmp type 12 code 11 state NEW,ESTABLISHED 
 #ip6tables -L INPUT -n --line-numbers | grep libvirt
 1    libvirt-host-in  all      ::/0                 ::/0                
 #ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
index 40d51f7..90c2284 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/sctp-ipv6-test.fwall
@@ -1,21 +1,21 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/    /'
 Chain FI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     sctp     ::/0                 a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN     sctp     ::/0                 a:b:c::/128         DSCP match 0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
-RETURN     sctp     ::/0                 ::10.1.2.3/128      DSCP match 0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN     sctp     ::/0                 a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN     sctp     ::/0                 a:b:c::             DSCP match 0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN     sctp     ::/0                 ::10.1.2.3          DSCP match 0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/    /'
 Chain FO-vnet0 (1 references)
 target     prot opt source               destination         
-ACCEPT     sctp     a:b:c::d:e:f/128     ::/0                DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
-ACCEPT     sctp     a:b:c::/128          ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21sctp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
-ACCEPT     sctp     ::10.1.2.3/128       ::/0                MAC 01:02:03:04:05:06 DSCP match 0x3fsctp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT     sctp     a:b:c::d:e:f         ::/0                DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT     sctp     a:b:c::              ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21sctp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
+ACCEPT     sctp     ::10.1.2.3           ::/0                MAC 01:02:03:04:05:06 DSCP match 0x3fsctp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/    /'
 Chain HI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     sctp     ::/0                 a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN     sctp     ::/0                 a:b:c::/128         DSCP match 0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
-RETURN     sctp     ::/0                 ::10.1.2.3/128      DSCP match 0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
+RETURN     sctp     ::/0                 a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN     sctp     ::/0                 a:b:c::             DSCP match 0x21sctp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN     sctp     ::/0                 ::10.1.2.3          DSCP match 0x3fsctp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
 #ip6tables -L INPUT -n --line-numbers | grep libvirt
 1    libvirt-host-in  all      ::/0                 ::/0                
 #ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
index 2a794b8..a294a26 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/tcp-ipv6-test.fwall
@@ -1,21 +1,21 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/    /'
 Chain FI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     tcp      ::/0                 a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN     tcp      ::/0                 a:b:c::/128         DSCP match 0x21tcp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
-RETURN     tcp      ::/0                 ::10.1.2.3/128      DSCP match 0x3ftcp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN     tcp      ::/0                 a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN     tcp      ::/0                 a:b:c::             DSCP match 0x21tcp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN     tcp      ::/0                 ::10.1.2.3          DSCP match 0x3ftcp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/    /'
 Chain FO-vnet0 (1 references)
 target     prot opt source               destination         
-ACCEPT     tcp      a:b:c::d:e:f/128     ::/0                DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
-ACCEPT     tcp      a:b:c::/128          ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
-ACCEPT     tcp      ::10.1.2.3/128       ::/0                MAC 01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT     tcp      a:b:c::d:e:f         ::/0                DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT     tcp      a:b:c::              ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
+ACCEPT     tcp      ::10.1.2.3           ::/0                MAC 01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/    /'
 Chain HI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     tcp      ::/0                 a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN     tcp      ::/0                 a:b:c::/128         DSCP match 0x21tcp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
-RETURN     tcp      ::/0                 ::10.1.2.3/128      DSCP match 0x3ftcp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
+RETURN     tcp      ::/0                 a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN     tcp      ::/0                 a:b:c::             DSCP match 0x21tcp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN     tcp      ::/0                 ::10.1.2.3          DSCP match 0x3ftcp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
 #ip6tables -L INPUT -n --line-numbers | grep libvirt
 1    libvirt-host-in  all      ::/0                 ::/0                
 #ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
index 0a75421..dafaea5 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/udp-ipv6-test.fwall
@@ -1,21 +1,21 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/    /'
 Chain FI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     udp      ::/0                 a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN     udp      ::/0                 ::a:b:c/128         DSCP match 0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
-RETURN     udp      ::/0                 ::10.1.2.3/128      DSCP match 0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN     udp      ::/0                 a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN     udp      ::/0                 ::a:b:c             DSCP match 0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN     udp      ::/0                 ::10.1.2.3          DSCP match 0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/    /'
 Chain FO-vnet0 (1 references)
 target     prot opt source               destination         
-ACCEPT     udp      a:b:c::d:e:f/128     ::/0                DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
-ACCEPT     udp      ::a:b:c/128          ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
-ACCEPT     udp      ::10.1.2.3/128       ::/0                MAC 01:02:03:04:05:06 DSCP match 0x3fudp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT     udp      a:b:c::d:e:f         ::/0                DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT     udp      ::a:b:c              ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21udp spts:20:21 dpts:100:1111 state NEW,ESTABLISHED ctdir REPLY
+ACCEPT     udp      ::10.1.2.3           ::/0                MAC 01:02:03:04:05:06 DSCP match 0x3fudp spts:255:256 dpt:65535 state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/    /'
 Chain HI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     udp      ::/0                 a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN     udp      ::/0                 ::a:b:c/128         DSCP match 0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
-RETURN     udp      ::/0                 ::10.1.2.3/128      DSCP match 0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
+RETURN     udp      ::/0                 a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN     udp      ::/0                 ::a:b:c             DSCP match 0x21udp spts:100:1111 dpts:20:21 state ESTABLISHED ctdir ORIGINAL
+RETURN     udp      ::/0                 ::10.1.2.3          DSCP match 0x3fudp spt:65535 dpts:255:256 state ESTABLISHED ctdir ORIGINAL
 #ip6tables -L INPUT -n --line-numbers | grep libvirt
 1    libvirt-host-in  all      ::/0                 ::/0                
 #ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
diff --git a/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall b/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
index 9173222..815a8c0 100644
--- a/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
+++ b/scripts/nwfilter/nwfilterxml2fwallout/udplite-ipv6-test.fwall
@@ -1,21 +1,21 @@
-#ip6tables -L FI-vnet0 -n
+#ip6tables -L FI-vnet0 -n | sed 's/\/128/    /'
 Chain FI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     udplite    f:e:d::c:b:a/127     a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN     udplite    ::/0                 a:b:c::/128         DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
-RETURN     udplite    ::/0                 ::10.1.2.3/128      DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
-#ip6tables -L FO-vnet0 -n
+RETURN     udplite    f:e:d::c:b:a/127     a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN     udplite    ::/0                 a:b:c::             DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN     udplite    ::/0                 ::10.1.2.3          DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+#ip6tables -L FO-vnet0 -n | sed 's/\/128/    /'
 Chain FO-vnet0 (1 references)
 target     prot opt source               destination         
-ACCEPT     udplite    a:b:c::d:e:f/128     f:e:d::c:b:a/127    DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
-ACCEPT     udplite    a:b:c::/128          ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
-ACCEPT     udplite    ::10.1.2.3/128       ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
-#ip6tables -L HI-vnet0 -n
+ACCEPT     udplite    a:b:c::d:e:f         f:e:d::c:b:a/127    DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
+ACCEPT     udplite    a:b:c::              ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+ACCEPT     udplite    ::10.1.2.3           ::/0                MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
+#ip6tables -L HI-vnet0 -n | sed 's/\/128/    /'
 Chain HI-vnet0 (1 references)
 target     prot opt source               destination         
-RETURN     udplite    f:e:d::c:b:a/127     a:b:c::d:e:f/128    MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
-RETURN     udplite    ::/0                 a:b:c::/128         DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
-RETURN     udplite    ::/0                 ::10.1.2.3/128      DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN     udplite    f:e:d::c:b:a/127     a:b:c::d:e:f        MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
+RETURN     udplite    ::/0                 a:b:c::             DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
+RETURN     udplite    ::/0                 ::10.1.2.3          DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
 #ip6tables -L INPUT -n --line-numbers | grep libvirt
 1    libvirt-host-in  all      ::/0                 ::/0                
 #ip6tables -L libvirt-host-in -n | grep vnet0 | tr -s " "
-- 
1.8.4.5




More information about the libvir-list mailing list