[libvirt] [PATCH] iptablesSetupPrivateChains: Be forgiving if a table does not exist
Michal Privoznik
mprivozn at redhat.com
Mon Mar 11 11:55:33 UTC 2019
On 3/11/19 11:43 AM, Daniel P. Berrangé wrote:
>
> What I mean is that this transaction is checking the filter, nat and
> mangle tables of both ipv4 and ipv6. You have a missing mangle table
> for ipv6, but this "ignore errors" policy means we'll even ignore
> the missing "filter" table for ipv4 for example which is something we
> have previously considered mandatory.
>
> We will still get a failure later when the network is started though
> I guess.
I know, and to me that's acceptable. It will not be any worse with this
patch. Only better. Because right now we fail even for IPv6 even though
you might not use it.
But fair enough. I'll post a patch documenting that IPv6 tables are
required.
Michal
More information about the libvir-list
mailing list