- 14 11月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
A previous commit introduced use of locking with invocation of iptables in the viriptables.c module commit ba95426d Author: Serge Hallyn <serge.hallyn@ubuntu.com> Date: Fri Nov 1 12:36:59 2013 -0500 util: use -w flag when calling iptables This only ever had effect with the virtual network driver, as it was not wired up into the nwfilter driver. Unfortunately in the firewall refactoring the use of the -w flag was accidentally lost. This patch introduces it to the virfirewall.c module so that both the virtual network and nwfilter drivers will be using it. It also ensures that the equivalent --concurrent flag to ebtables is used.
-
- 30 4月, 2014 1 次提交
-
-
由 Pavel Hrdina 提交于
Freebsd doesn't know ENODATA so we have to use different EINVAL error code. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
- 25 4月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
The network and nwfilter drivers both have a need to update firewall rules. The currently share no code for interacting with iptables / firewalld. The nwfilter driver is fairly tied to the concept of creating shell scripts to execute which makes it very hard to port to talk to firewalld via DBus APIs. This patch introduces a virFirewallPtr object which is able to represent a complete sequence of rule changes, with the ability to have multiple transactional checkpoints with rollbacks. By formally separating the definition of the rules to be applied from the mechanism used to apply them, it is also possible to write a firewall engine that uses firewalld DBus APIs natively instead of via the slow firewalld-cmd. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-