From 96509caf0f48ff5bd9de62c9e33e476a0a495743 Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Mon, 11 Mar 2019 13:09:52 +0100 Subject: [PATCH] news: Document kernel requirements for virtual networks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After 7431b3eb9a05068e4b libvirt requires "filter", "nat" and "mangle" tables to exist for both IPv4 and IPv6. This fact was missed in the news.xml and since we don't have any better place to advertise that let's update old news. This was refined in 686803a1a2e and since that is not released yet create a new entry documenting the refinement. Signed-off-by: Michal Privoznik Reviewed-by: Daniel P. Berrangé --- docs/news.xml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/docs/news.xml b/docs/news.xml index 5c3028e10b..83e965e0f3 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -124,6 +124,18 @@ Report class information for PCI node device capability. + + + Split setup of IPv4 and IPv6 top level chain + + + The requirement resulting from private chains improvement done + in v5.1.0 was refined so that only tables from + corresponding IP version are required. This means that if a + network doesn't have IPv6 enabled then those + tables are not required. + +
@@ -202,7 +214,9 @@ Historically firewall rules for virtual networks were added straight into the base chains. This works but has a number of bugs and design limitations. To address them, libvirt now puts - firewall rules into its own chains. + firewall rules into its own chains. Note that with this change the + filter, nat and mangle tables + are required for both IPv4 and IPv6. -- GitLab