From 91f9157e5b807ba641bc52593911f037445ec613 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Thu, 5 Nov 2009 20:28:11 +0100
Subject: [PATCH] only remove masquerade roles for VIR_NETWORK_FORWARD_NAT

Fixes http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549949
---
 src/network/bridge_driver.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 905c498c76..0342aa082a 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -783,16 +783,15 @@ static void
 networkRemoveIptablesRules(struct network_driver *driver,
                          virNetworkObjPtr network) {
     if (network->def->forwardType != VIR_NETWORK_FORWARD_NONE) {
-        iptablesRemoveForwardMasquerade(driver->iptables,
-                                        network->def->network,
-                                        network->def->forwardDev);
-
-        if (network->def->forwardType == VIR_NETWORK_FORWARD_NAT)
+        if (network->def->forwardType == VIR_NETWORK_FORWARD_NAT) {
+            iptablesRemoveForwardMasquerade(driver->iptables,
+                                                network->def->network,
+                                                network->def->forwardDev);
             iptablesRemoveForwardAllowRelatedIn(driver->iptables,
                                                 network->def->network,
                                                 network->def->bridge,
                                                 network->def->forwardDev);
-        else if (network->def->forwardType == VIR_NETWORK_FORWARD_ROUTE)
+        } else if (network->def->forwardType == VIR_NETWORK_FORWARD_ROUTE)
             iptablesRemoveForwardAllowIn(driver->iptables,
                                          network->def->network,
                                          network->def->bridge,
-- 
GitLab