diff --git a/ChangeLog b/ChangeLog index 24521bc78f273339b850e892e1987c723406d06e..3b7067471e647305521c07feed6b93ad0ca2b298 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +Thu Jan 10 13:56:33 GMT 2008 Mark McLoughlin + + Like --with-iptables-prefix, --with-iptables-dir is no + longer useful, so let's remove it. + + * configure.in, src/iptables.c: remove --with-iptables-dir + Thu Jan 10 13:54:10 GMT 2008 Mark McLoughlin --with-iptables-prefix was added to integrate with diff --git a/configure.in b/configure.in index cd1a4119fbde5b05fc528ce7a9b13d742ddb6afa..0fefb437db1afc406e36f3b02a5fd7353659069e 100644 --- a/configure.in +++ b/configure.in @@ -182,18 +182,6 @@ fi AM_CONDITIONAL(LIBVIRT_INIT_SCRIPTS_RED_HAT, test x$with_init_scripts = xredhat) AC_MSG_RESULT($with_init_scripts) -dnl -dnl also support saving the various chains to files -dnl in e.g. /etc/sysconfig/iptables.d -dnl -AC_ARG_WITH(iptables-dir, - AC_HELP_STRING([--with-iptables-dir=path], - [directory used to save iptables chains, defaults to not saving]), - [IPTABLES_DIR=$withval]) -if test x"$IPTABLES_DIR" != "x"; then - AC_DEFINE_UNQUOTED(IPTABLES_DIR, "$IPTABLES_DIR", [directory used for saving iptables chains]) -fi - dnl dnl ensure that Fedora's system-config-firewall knows dnl about libvirt's iptables rules diff --git a/src/iptables.c b/src/iptables.c index 12013af1cea5d95e65f85673728686d9433297e2..c865cd49eda493f572e408c1a51a2fb6d42dbf17 100644 --- a/src/iptables.c +++ b/src/iptables.c @@ -48,11 +48,6 @@ #define qemudLog(level, msg...) fprintf(stderr, msg) -#ifdef ENABLE_IPTABLES_LOKKIT -#undef IPTABLES_DIR -#define IPTABLES_DIR LOCAL_STATE_DIR "/lib/libvirt/iptables" -#endif - enum { ADD = 0, REMOVE @@ -73,12 +68,12 @@ typedef struct int nrules; iptRule *rules; -#ifdef IPTABLES_DIR +#ifdef ENABLE_IPTABLES_LOKKIT char dir[PATH_MAX]; char path[PATH_MAX]; -#endif /* IPTABLES_DIR */ +#endif /* ENABLE_IPTABLES_LOKKIT */ } iptRules; 
@@ -89,7 +84,6 @@ struct _iptablesContext iptRules *nat_postrouting; }; -#ifdef IPTABLES_DIR #ifdef ENABLE_IPTABLES_LOKKIT static void notifyRulesUpdated(const char *table, @@ -189,7 +183,6 @@ notifyRulesRemoved(const char *table, #undef MAX_FILE_LEN } -#endif /* ENABLE_IPTABLES_LOKKIT */ static int writeRules(const char *path, @@ -237,7 +230,7 @@ writeRules(const char *path, return 0; } -#endif /* IPTABLES_DIR */ +#endif /* ENABLE_IPTABLES_LOKKIT */ static void iptRuleFree(iptRule *rule) @@ -279,7 +272,7 @@ iptRulesAppend(iptRules *rules, rules->nrules++; -#ifdef IPTABLES_DIR +#ifdef ENABLE_IPTABLES_LOKKIT { int err; @@ -290,12 +283,9 @@ iptRulesAppend(iptRules *rules, return err; } -#ifdef ENABLE_IPTABLES_LOKKIT notifyRulesUpdated(rules->table, rules->path); #endif /* ENABLE_IPTABLES_LOKKIT */ -#endif /* IPTABLES_DIR */ - return 0; } @@ -320,7 +310,7 @@ iptRulesRemove(iptRules *rules, rules->nrules--; -#ifdef IPTABLES_DIR +#ifdef ENABLE_IPTABLES_LOKKIT { int err; @@ -328,15 +318,12 @@ iptRulesRemove(iptRules *rules, return err; } -#ifdef ENABLE_IPTABLES_LOKKIT if (rules->nrules > 0) notifyRulesUpdated(rules->table, rules->path); else notifyRulesRemoved(rules->table, rules->path); #endif /* ENABLE_IPTABLES_LOKKIT */ -#endif /* IPTABLES_DIR */ - return 0; } @@ -366,10 +353,10 @@ iptRulesFree(iptRules *rules) rules->nrules = 0; } -#ifdef IPTABLES_DIR +#ifdef ENABLE_IPTABLES_LOKKIT rules->dir[0] = '\0'; rules->path[0] = '\0'; -#endif /* IPTABLES_DIR */ +#endif /* ENABLE_IPTABLES_LOKKIT */ free(rules); } 
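Review bot: In iptRulesAppend (hunk `@@ -290,12 +283,9`), the `return err;` inside the ENABLE_IPTABLES_LOKKIT block runs after `rules->nrules++`, so a failed save leaves the new rule in the in-memory list while the chain file is stale and `notifyRulesUpdated` is never called. iptRulesRemove (hunks `@@ -320,7 +310,7` and `@@ -328,15 +318,12`) has the same shape after `rules->nrules--`. The condition guarding each return lies between the hunks, so this is inferred from the visible lines only. Because the saved chain is presumably what lokkit re-applies on a firewall reload, the contract should be stated at the block, e.g. `/* on save failure the list is already updated; the chain file is stale and lokkit is not notified */`, or the count should be restored before returning. Both function bodies start and end outside the hunks.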
@@ -392,13 +379,14 @@ iptRulesNew(const char *table, rules->rules = NULL; rules->nrules = 0; -#ifdef IPTABLES_DIR - if (virFileBuildPath(IPTABLES_DIR, table, NULL, rules->dir, sizeof(rules->dir)) < 0) +#ifdef ENABLE_IPTABLES_LOKKIT + if (virFileBuildPath(LOCAL_STATE_DIR "/lib/libvirt/iptables", table, NULL, + rules->dir, sizeof(rules->dir)) < 0) goto error; if (virFileBuildPath(rules->dir, chain, ".chain", rules->path, sizeof(rules->path)) < 0) goto error; -#endif /* IPTABLES_DIR */ +#endif /* ENABLE_IPTABLES_LOKKIT */ return rules;
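Review bot: The save directory is now a bare literal inside the first `virFileBuildPath` call, and nothing in this hunk says what is stored there or who may write to it. The file named by `rules->path` is handed to `notifyRulesUpdated` in iptRulesAppend, so it appears to feed the lokkit firewall configuration. The directory should therefore be root-owned and not group- or world-writable, but where it is created is not visible here. `table` and `chain` become path components, which is only safe while callers pass fixed names. I would add a comment above the block such as `/* chains are saved under LOCAL_STATE_DIR/lib/libvirt/iptables/<table>/<chain>.chain for lokkit; the directory must be writable by root only */` (layout as implied by the two calls); iptRulesNew starts and ends outside the hunk.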