Commit d2327278, authored by Stefan Berger

nwfilter: Clear all state tracking from a drop rule

Don't use state-matching in a drop rule.
Parent 3a7f2fc3
...@@ -1380,13 +1380,16 @@ _iptablesCreateRuleInstance(int directionIn, ...@@ -1380,13 +1380,16 @@ _iptablesCreateRuleInstance(int directionIn,
return 0; return 0;
} }
if (match)
virBufferVSprintf(&buf, " %s", match);
if (rule->action == VIR_NWFILTER_RULE_ACTION_ACCEPT) if (rule->action == VIR_NWFILTER_RULE_ACTION_ACCEPT)
target = accept_target; target = accept_target;
else else {
target = "DROP"; target = "DROP";
match = NULL;
}
if (match)
virBufferVSprintf(&buf, " %s", match);
virBufferVSprintf(&buf, virBufferVSprintf(&buf,
" -j %s" CMD_DEF_POST CMD_SEPARATOR " -j %s" CMD_DEF_POST CMD_SEPARATOR
......
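Review bot: In the new `else` branch, `match = NULL;` has no comment explaining why a DROP rule must not carry the state match, and it clears `match` for every action that is not `VIR_NWFILTER_RULE_ACTION_ACCEPT`, not only for an explicit drop. Add a one-line comment above the assignment stating the intent from the commit message. Also consider leaving `match` untouched and guarding the emit instead, for example `if (match && rule->action == VIR_NWFILTER_RULE_ACTION_ACCEPT)`, so that any later code in the function that reads `match` still sees the original value.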