File revert-7431b3eb.patch of Package libvirt
commit f6c5babbbf831b9ea2fdcfc783b5fd998bf8ffdd Author: Jim Fehlig <jfehlig@suse.com> Date: Thu Apr 25 09:15:00 2019 -0600 Revert "util: move virtual network firwall rules into private chains" This reverts commit 7431b3eb9a05068e4ba05d0bb236b440b33eb1ab. See bsc#1133229 Index: libvirt-5.1.0/src/libvirt_private.syms =================================================================== --- libvirt-5.1.0.orig/src/libvirt_private.syms +++ libvirt-5.1.0/src/libvirt_private.syms @@ -2087,7 +2087,6 @@ iptablesRemoveOutputFixUdpChecksum; iptablesRemoveTcpInput; iptablesRemoveUdpInput; iptablesRemoveUdpOutput; -iptablesSetDeletePrivate; iptablesSetupPrivateChains; Index: libvirt-5.1.0/src/network/bridge_driver_linux.c =================================================================== --- libvirt-5.1.0.orig/src/network/bridge_driver_linux.c +++ libvirt-5.1.0/src/network/bridge_driver_linux.c 
@@ -35,35 +35,17 @@ VIR_LOG_INIT("network.bridge_driver_linu #define PROC_NET_ROUTE "/proc/net/route" -int networkPreReloadFirewallRules(bool startup) +int networkPreReloadFirewallRules(bool startup ATTRIBUTE_UNUSED) { int ret = iptablesSetupPrivateChains(); if (ret < 0) return -1; - - /* - * If this is initial startup, and we just created the - * top level private chains we either - * - * - upgraded from old libvirt - * - freshly booted from clean state - * - * In the first case we must delete the old rules from - * the built-in chains, instead of our new private chains. - * In the second case it doesn't matter, since no existing - * rules will be present. Thus we can safely just tell it - * to always delete from the builin chain - */ - if (startup && ret == 1) - iptablesSetDeletePrivate(false); - return 0; } void networkPostReloadFirewallRules(bool startup ATTRIBUTE_UNUSED) { - iptablesSetDeletePrivate(true); } Index: libvirt-5.1.0/src/util/viriptables.c =================================================================== --- libvirt-5.1.0.orig/src/util/viriptables.c +++ libvirt-5.1.0/src/util/viriptables.c @@ -48,7 +48,6 @@ enum { REMOVE }; -static bool deletePrivate = true; typedef struct { const char *parent; @@ -180,17 +179,9 @@ iptablesSetupPrivateChains(void) } -void -iptablesSetDeletePrivate(bool pvt) -{ - deletePrivate = pvt; -} - - static void iptablesInput(virFirewallPtr fw, virFirewallLayer layer, - bool pvt, const char *iface, int port, int action, @@ -203,8 +194,7 @@ iptablesInput(virFirewallPtr fw, virFirewallAddRule(fw, layer, "--table", "filter", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_INP" : "INPUT", + action == ADD ? "--insert" : "--delete", "INPUT", "--in-interface", iface, "--protocol", tcp ? "tcp" : "udp", "--destination-port", portstr, @@ -215,7 +205,6 @@ iptablesInput(virFirewallPtr fw, static void iptablesOutput(virFirewallPtr fw, virFirewallLayer layer, - bool pvt, const char *iface, int port, int action, 
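Review bot: networkPreReloadFirewallRules still calls iptablesSetupPrivateChains() even though, after this revert, every helper in viriptables.c inserts into and deletes from the built-in chains (INPUT, OUTPUT, FORWARD, POSTROUTING) only. If a host ever ran the un-reverted build, rules left in the LIBVIRT_* chains would presumably no longer be removed by the Remove helpers and could stay active for as long as those chains remain linked; the body of iptablesSetupPrivateChains is outside the hunk, so this is inferred. A comment on the call would record the intent, e.g. `/* private chains are still created but stay empty; rules live in the built-in chains (bsc#1133229) */`. The upgrade path deserves a check that a reload leaves no stale ACCEPT or MASQUERADE rules behind.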
@@ -228,8 +217,7 @@ iptablesOutput(virFirewallPtr fw, virFirewallAddRule(fw, layer, "--table", "filter", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_OUT" : "OUTPUT", + action == ADD ? "--insert" : "--delete", "OUTPUT", "--out-interface", iface, "--protocol", tcp ? "tcp" : "udp", "--destination-port", portstr, @@ -252,7 +240,7 @@ iptablesAddTcpInput(virFirewallPtr fw, const char *iface, int port) { - iptablesInput(fw, layer, true, iface, port, ADD, 1); + iptablesInput(fw, layer, iface, port, ADD, 1); } /** @@ -270,7 +258,7 @@ iptablesRemoveTcpInput(virFirewallPtr fw const char *iface, int port) { - iptablesInput(fw, layer, deletePrivate, iface, port, REMOVE, 1); + iptablesInput(fw, layer, iface, port, REMOVE, 1); } /** @@ -288,7 +276,7 @@ iptablesAddUdpInput(virFirewallPtr fw, const char *iface, int port) { - iptablesInput(fw, layer, true, iface, port, ADD, 0); + iptablesInput(fw, layer, iface, port, ADD, 0); } /** @@ -306,7 +294,7 @@ iptablesRemoveUdpInput(virFirewallPtr fw const char *iface, int port) { - iptablesInput(fw, layer, deletePrivate, iface, port, REMOVE, 0); + return iptablesInput(fw, layer, iface, port, REMOVE, 0); } /** @@ -324,7 +312,7 @@ iptablesAddUdpOutput(virFirewallPtr fw, const char *iface, int port) { - iptablesOutput(fw, layer, true, iface, port, ADD, 0); + iptablesOutput(fw, layer, iface, port, ADD, 0); } /** @@ -342,7 +330,7 @@ iptablesRemoveUdpOutput(virFirewallPtr f const char *iface, int port) { - iptablesOutput(fw, layer, deletePrivate, iface, port, REMOVE, 0); + iptablesOutput(fw, layer, iface, port, REMOVE, 0); } @@ -382,7 +370,6 @@ static char *iptablesFormatNetwork(virSo */ static int iptablesForwardAllowOut(virFirewallPtr fw, - bool pvt, virSocketAddr *netaddr, unsigned int prefix, const char *iface, 
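Review bot: In the iptablesRemoveUdpInput hunk the new line `return iptablesInput(fw, layer, iface, port, REMOVE, 0);` returns the result of a helper that the patch declares `static void`, unlike the five sibling wrappers, which call their helper as a plain statement. ISO C does not allow a return with an expression in a void function (GCC accepts it and only diagnoses it under -pedantic), and the wrapper appears to be void like its siblings, though its signature is outside the hunk. Drop the `return` so the line reads `iptablesInput(fw, layer, iface, port, REMOVE, 0);`.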
@@ -399,8 +386,7 @@ iptablesForwardAllowOut(virFirewallPtr f if (physdev && physdev[0]) virFirewallAddRule(fw, layer, "--table", "filter", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_FWO" : "FORWARD", + action == ADD ? "--insert" : "--delete", "FORWARD", "--source", networkstr, "--in-interface", iface, "--out-interface", physdev, @@ -409,8 +395,7 @@ iptablesForwardAllowOut(virFirewallPtr f else virFirewallAddRule(fw, layer, "--table", "filter", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_FWO" : "FORWARD", + action == ADD ? "--insert" : "--delete", "FORWARD", "--source", networkstr, "--in-interface", iface, "--jump", "ACCEPT", @@ -439,7 +424,7 @@ iptablesAddForwardAllowOut(virFirewallPt const char *iface, const char *physdev) { - return iptablesForwardAllowOut(fw, true, netaddr, prefix, iface, physdev, ADD); + return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev, ADD); } /** @@ -462,7 +447,7 @@ iptablesRemoveForwardAllowOut(virFirewal const char *iface, const char *physdev) { - return iptablesForwardAllowOut(fw, deletePrivate, netaddr, prefix, iface, physdev, REMOVE); + return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev, REMOVE); } @@ -471,7 +456,6 @@ iptablesRemoveForwardAllowOut(virFirewal */ static int iptablesForwardAllowRelatedIn(virFirewallPtr fw, - bool pvt, virSocketAddr *netaddr, unsigned int prefix, const char *iface, @@ -488,8 +472,7 @@ iptablesForwardAllowRelatedIn(virFirewal if (physdev && physdev[0]) virFirewallAddRule(fw, layer, "--table", "filter", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_FWI" : "FORWARD", + action == ADD ? "--insert" : "--delete", "FORWARD", "--destination", networkstr, "--in-interface", physdev, "--out-interface", iface, 
@@ -500,8 +483,7 @@ iptablesForwardAllowRelatedIn(virFirewal else virFirewallAddRule(fw, layer, "--table", "filter", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_FWI" : "FORWARD", + action == ADD ? "--insert" : "--delete", "FORWARD", "--destination", networkstr, "--out-interface", iface, "--match", "conntrack", @@ -532,7 +514,7 @@ iptablesAddForwardAllowRelatedIn(virFire const char *iface, const char *physdev) { - return iptablesForwardAllowRelatedIn(fw, true, netaddr, prefix, iface, physdev, ADD); + return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physdev, ADD); } /** @@ -555,14 +537,13 @@ iptablesRemoveForwardAllowRelatedIn(virF const char *iface, const char *physdev) { - return iptablesForwardAllowRelatedIn(fw, deletePrivate, netaddr, prefix, iface, physdev, REMOVE); + return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physdev, REMOVE); } /* Allow all traffic destined to the bridge, with a valid network address */ static int iptablesForwardAllowIn(virFirewallPtr fw, - bool pvt, virSocketAddr *netaddr, unsigned int prefix, const char *iface, @@ -579,8 +560,7 @@ iptablesForwardAllowIn(virFirewallPtr fw if (physdev && physdev[0]) virFirewallAddRule(fw, layer, "--table", "filter", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_FWI" : "FORWARD", + action == ADD ? "--insert" : "--delete", "FORWARD", "--destination", networkstr, "--in-interface", physdev, "--out-interface", iface, @@ -589,8 +569,7 @@ iptablesForwardAllowIn(virFirewallPtr fw else virFirewallAddRule(fw, layer, "--table", "filter", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_FWI" : "FORWARD", + action == ADD ? "--insert" : "--delete", "FORWARD", "--destination", networkstr, "--out-interface", iface, "--jump", "ACCEPT", 
@@ -618,7 +597,7 @@ iptablesAddForwardAllowIn(virFirewallPtr const char *iface, const char *physdev) { - return iptablesForwardAllowIn(fw, true, netaddr, prefix, iface, physdev, ADD); + return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev, ADD); } /** @@ -641,20 +620,18 @@ iptablesRemoveForwardAllowIn(virFirewall const char *iface, const char *physdev) { - return iptablesForwardAllowIn(fw, deletePrivate, netaddr, prefix, iface, physdev, REMOVE); + return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev, REMOVE); } static void iptablesForwardAllowCross(virFirewallPtr fw, virFirewallLayer layer, - bool pvt, const char *iface, int action) { virFirewallAddRule(fw, layer, "--table", "filter", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_FWX" : "FORWARD", + action == ADD ? "--insert" : "--delete", "FORWARD", "--in-interface", iface, "--out-interface", iface, "--jump", "ACCEPT", @@ -677,7 +654,7 @@ iptablesAddForwardAllowCross(virFirewall virFirewallLayer layer, const char *iface) { - iptablesForwardAllowCross(fw, layer, true, iface, ADD); + iptablesForwardAllowCross(fw, layer, iface, ADD); } /** @@ -696,20 +673,18 @@ iptablesRemoveForwardAllowCross(virFirew virFirewallLayer layer, const char *iface) { - iptablesForwardAllowCross(fw, layer, deletePrivate, iface, REMOVE); + iptablesForwardAllowCross(fw, layer, iface, REMOVE); } static void iptablesForwardRejectOut(virFirewallPtr fw, virFirewallLayer layer, - bool pvt, const char *iface, int action) { virFirewallAddRule(fw, layer, "--table", "filter", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_FWO" : "FORWARD", + action == ADD ? "--insert" : "delete", "FORWARD", "--in-interface", iface, "--jump", "REJECT", NULL); @@ -730,7 +705,7 @@ iptablesAddForwardRejectOut(virFirewallP virFirewallLayer layer, const char *iface) { - iptablesForwardRejectOut(fw, layer, true, iface, ADD); + iptablesForwardRejectOut(fw, layer, iface, ADD); } /** 
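Review bot: In iptablesForwardRejectOut the new line passes `"delete"` without the leading dashes, `action == ADD ? "--insert" : "delete", "FORWARD",`, while every other helper in this patch uses `"--delete"`. On REMOVE the firewall command would receive a bare `delete` argument, so iptablesRemoveForwardRejectOut would most likely fail to remove the REJECT rule from FORWARD and leave it behind after the network is torn down. The line should read `action == ADD ? "--insert" : "--delete", "FORWARD",`. The networkxml2firewalldata .args files touched by this patch only exercise `--insert`, so the tests shown here would not catch it.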
@@ -748,21 +723,19 @@ iptablesRemoveForwardRejectOut(virFirewa virFirewallLayer layer, const char *iface) { - iptablesForwardRejectOut(fw, layer, deletePrivate, iface, REMOVE); + iptablesForwardRejectOut(fw, layer, iface, REMOVE); } static void iptablesForwardRejectIn(virFirewallPtr fw, virFirewallLayer layer, - bool pvt, const char *iface, int action) { virFirewallAddRule(fw, layer, "--table", "filter", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_FWI" : "FORWARD", + action == ADD ? "--insert" : "--delete", "FORWARD", "--out-interface", iface, "--jump", "REJECT", NULL); @@ -783,7 +756,7 @@ iptablesAddForwardRejectIn(virFirewallPt virFirewallLayer layer, const char *iface) { - iptablesForwardRejectIn(fw, layer, true, iface, ADD); + iptablesForwardRejectIn(fw, layer, iface, ADD); } /** @@ -801,7 +774,7 @@ iptablesRemoveForwardRejectIn(virFirewal virFirewallLayer layer, const char *iface) { - iptablesForwardRejectIn(fw, layer, deletePrivate, iface, REMOVE); + iptablesForwardRejectIn(fw, layer, iface, REMOVE); } @@ -810,7 +783,6 @@ iptablesRemoveForwardRejectIn(virFirewal */ static int iptablesForwardMasquerade(virFirewallPtr fw, - bool pvt, virSocketAddr *netaddr, unsigned int prefix, const char *physdev, @@ -849,8 +821,7 @@ iptablesForwardMasquerade(virFirewallPtr if (protocol && protocol[0]) { rule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "--table", "nat", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_PRT" : "POSTROUTING", + action == ADD ? "--insert" : "--delete", "POSTROUTING", "--source", networkstr, "-p", protocol, "!", "--destination", networkstr, @@ -858,8 +829,7 @@ iptablesForwardMasquerade(virFirewallPtr } else { rule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "--table", "nat", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_PRT" : "POSTROUTING", + action == ADD ? "--insert" : "--delete", "POSTROUTING", "--source", networkstr, "!", "--destination", networkstr, NULL); 
@@ -937,8 +907,8 @@ iptablesAddForwardMasquerade(virFirewall virPortRangePtr port, const char *protocol) { - return iptablesForwardMasquerade(fw, true, netaddr, prefix, - physdev, addr, port, protocol, ADD); + return iptablesForwardMasquerade(fw, netaddr, prefix, physdev, addr, port, + protocol, ADD); } /** @@ -963,8 +933,8 @@ iptablesRemoveForwardMasquerade(virFirew virPortRangePtr port, const char *protocol) { - return iptablesForwardMasquerade(fw, deletePrivate, netaddr, prefix, - physdev, addr, port, protocol, REMOVE); + return iptablesForwardMasquerade(fw, netaddr, prefix, physdev, addr, port, + protocol, REMOVE); } @@ -973,7 +943,6 @@ iptablesRemoveForwardMasquerade(virFirew */ static int iptablesForwardDontMasquerade(virFirewallPtr fw, - bool pvt, virSocketAddr *netaddr, unsigned int prefix, const char *physdev, @@ -996,8 +965,7 @@ iptablesForwardDontMasquerade(virFirewal if (physdev && physdev[0]) virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "--table", "nat", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_PRT" : "POSTROUTING", + action == ADD ? "--insert" : "--delete", "POSTROUTING", "--out-interface", physdev, "--source", networkstr, "--destination", destaddr, @@ -1006,8 +974,7 @@ iptablesForwardDontMasquerade(virFirewal else virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "--table", "nat", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_PRT" : "POSTROUTING", + action == ADD ? "--insert" : "--delete", "POSTROUTING", "--source", networkstr, "--destination", destaddr, "--jump", "RETURN", @@ -1037,8 +1004,8 @@ iptablesAddDontMasquerade(virFirewallPtr const char *physdev, const char *destaddr) { - return iptablesForwardDontMasquerade(fw, true, netaddr, prefix, - physdev, destaddr, ADD); + return iptablesForwardDontMasquerade(fw, netaddr, prefix, physdev, destaddr, + ADD); } /** 
@@ -1062,14 +1029,13 @@ iptablesRemoveDontMasquerade(virFirewall const char *physdev, const char *destaddr) { - return iptablesForwardDontMasquerade(fw, deletePrivate, netaddr, prefix, - physdev, destaddr, REMOVE); + return iptablesForwardDontMasquerade(fw, netaddr, prefix, physdev, destaddr, + REMOVE); } static void iptablesOutputFixUdpChecksum(virFirewallPtr fw, - bool pvt, const char *iface, int port, int action) @@ -1081,8 +1047,7 @@ iptablesOutputFixUdpChecksum(virFirewall virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "--table", "mangle", - action == ADD ? "--insert" : "--delete", - pvt ? "LIBVIRT_PRT" : "POSTROUTING", + action == ADD ? "--insert" : "--delete", "POSTROUTING", "--out-interface", iface, "--protocol", "udp", "--destination-port", portstr, @@ -1106,7 +1071,7 @@ iptablesAddOutputFixUdpChecksum(virFirew const char *iface, int port) { - iptablesOutputFixUdpChecksum(fw, true, iface, port, ADD); + iptablesOutputFixUdpChecksum(fw, iface, port, ADD); } /** @@ -1123,5 +1088,5 @@ iptablesRemoveOutputFixUdpChecksum(virFi const char *iface, int port) { - iptablesOutputFixUdpChecksum(fw, deletePrivate, iface, port, REMOVE); + iptablesOutputFixUdpChecksum(fw, iface, port, REMOVE); } Index: libvirt-5.1.0/src/util/viriptables.h =================================================================== --- libvirt-5.1.0.orig/src/util/viriptables.h +++ libvirt-5.1.0/src/util/viriptables.h @@ -26,8 +26,6 @@ int iptablesSetupPrivateChains (void); -void iptablesSetDeletePrivate (bool pvt); - void iptablesAddTcpInput (virFirewallPtr fw, virFirewallLayer layer, const char *iface, Index: libvirt-5.1.0/tests/networkxml2firewalldata/nat-default-linux.args =================================================================== --- libvirt-5.1.0.orig/tests/networkxml2firewalldata/nat-default-linux.args +++ libvirt-5.1.0/tests/networkxml2firewalldata/nat-default-linux.args 
@@ -1,63 +1,63 @@ iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol tcp \ --destination-port 67 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol udp \ --destination-port 67 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_OUT \ +--insert OUTPUT \ --out-interface virbr0 \ --protocol udp \ --destination-port 68 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol tcp \ --destination-port 53 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol udp \ --destination-port 53 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert FORWARD \ --in-interface virbr0 \ --jump REJECT iptables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --out-interface virbr0 \ --jump REJECT iptables \ --table filter \ ---insert LIBVIRT_FWX \ +--insert FORWARD \ --in-interface virbr0 \ --out-interface virbr0 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert FORWARD \ --source 192.168.122.0/24 \ --in-interface virbr0 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --destination 192.168.122.0/24 \ --out-interface virbr0 \ --match conntrack \ @@ -65,13 +65,13 @@ iptables \ --jump ACCEPT iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 '!' \ --destination 192.168.122.0/24 \ --jump MASQUERADE iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ -p udp '!' \ --destination 192.168.122.0/24 \ @@ -79,7 +79,7 @@ iptables \ --to-ports 1024-65535 iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ -p tcp '!' \ --destination 192.168.122.0/24 \ 
@@ -87,19 +87,19 @@ iptables \ --to-ports 1024-65535 iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ --destination 255.255.255.255/32 \ --jump RETURN iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ --destination 224.0.0.0/24 \ --jump RETURN iptables \ --table mangle \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --out-interface virbr0 \ --protocol udp \ --destination-port 68 \ Index: libvirt-5.1.0/tests/networkxml2firewalldata/nat-ipv6-linux.args =================================================================== --- libvirt-5.1.0.orig/tests/networkxml2firewalldata/nat-ipv6-linux.args +++ libvirt-5.1.0/tests/networkxml2firewalldata/nat-ipv6-linux.args 
@@ -1,100 +1,100 @@ iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol tcp \ --destination-port 67 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol udp \ --destination-port 67 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_OUT \ +--insert OUTPUT \ --out-interface virbr0 \ --protocol udp \ --destination-port 68 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol tcp \ --destination-port 53 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol udp \ --destination-port 53 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert FORWARD \ --in-interface virbr0 \ --jump REJECT iptables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --out-interface virbr0 \ --jump REJECT iptables \ --table filter \ ---insert LIBVIRT_FWX \ +--insert FORWARD \ --in-interface virbr0 \ --out-interface virbr0 \ --jump ACCEPT ip6tables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert FORWARD \ --in-interface virbr0 \ --jump REJECT ip6tables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --out-interface virbr0 \ --jump REJECT ip6tables \ --table filter \ ---insert LIBVIRT_FWX \ +--insert FORWARD \ --in-interface virbr0 \ --out-interface virbr0 \ --jump ACCEPT ip6tables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol tcp \ --destination-port 53 \ --jump ACCEPT ip6tables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol udp \ --destination-port 53 \ --jump ACCEPT ip6tables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol udp \ --destination-port 547 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert 
FORWARD \ --source 192.168.122.0/24 \ --in-interface virbr0 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --destination 192.168.122.0/24 \ --out-interface virbr0 \ --match conntrack \ @@ -102,13 +102,13 @@ iptables \ --jump ACCEPT iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 '!' \ --destination 192.168.122.0/24 \ --jump MASQUERADE iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ -p udp '!' \ --destination 192.168.122.0/24 \ @@ -116,7 +116,7 @@ iptables \ --to-ports 1024-65535 iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ -p tcp '!' \ --destination 192.168.122.0/24 \ @@ -124,31 +124,31 @@ iptables \ --to-ports 1024-65535 iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ --destination 255.255.255.255/32 \ --jump RETURN iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ --destination 224.0.0.0/24 \ --jump RETURN ip6tables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert FORWARD \ --source 2001:db8:ca2:2::/64 \ --in-interface virbr0 \ --jump ACCEPT ip6tables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --destination 2001:db8:ca2:2::/64 \ --out-interface virbr0 \ --jump ACCEPT iptables \ --table mangle \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --out-interface virbr0 \ --protocol udp \ --destination-port 68 \ Index: libvirt-5.1.0/tests/networkxml2firewalldata/nat-many-ips-linux.args =================================================================== --- libvirt-5.1.0.orig/tests/networkxml2firewalldata/nat-many-ips-linux.args +++ libvirt-5.1.0/tests/networkxml2firewalldata/nat-many-ips-linux.args 
@@ -1,63 +1,63 @@ iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol tcp \ --destination-port 67 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol udp \ --destination-port 67 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_OUT \ +--insert OUTPUT \ --out-interface virbr0 \ --protocol udp \ --destination-port 68 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol tcp \ --destination-port 53 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol udp \ --destination-port 53 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert FORWARD \ --in-interface virbr0 \ --jump REJECT iptables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --out-interface virbr0 \ --jump REJECT iptables \ --table filter \ ---insert LIBVIRT_FWX \ +--insert FORWARD \ --in-interface virbr0 \ --out-interface virbr0 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert FORWARD \ --source 192.168.122.0/24 \ --in-interface virbr0 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --destination 192.168.122.0/24 \ --out-interface virbr0 \ --match conntrack \ @@ -65,13 +65,13 @@ iptables \ --jump ACCEPT iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 '!' \ --destination 192.168.122.0/24 \ --jump MASQUERADE iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ -p udp '!' \ --destination 192.168.122.0/24 \ @@ -79,7 +79,7 @@ iptables \ --to-ports 1024-65535 iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ -p tcp '!' \ --destination 192.168.122.0/24 \ 
@@ -87,25 +87,25 @@ iptables \ --to-ports 1024-65535 iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ --destination 255.255.255.255/32 \ --jump RETURN iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ --destination 224.0.0.0/24 \ --jump RETURN iptables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert FORWARD \ --source 192.168.128.0/24 \ --in-interface virbr0 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --destination 192.168.128.0/24 \ --out-interface virbr0 \ --match conntrack \ @@ -113,13 +113,13 @@ iptables \ --jump ACCEPT iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.128.0/24 '!' \ --destination 192.168.128.0/24 \ --jump MASQUERADE iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.128.0/24 \ -p udp '!' \ --destination 192.168.128.0/24 \ @@ -127,7 +127,7 @@ iptables \ --to-ports 1024-65535 iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.128.0/24 \ -p tcp '!' \ --destination 192.168.128.0/24 \ @@ -135,25 +135,25 @@ iptables \ --to-ports 1024-65535 iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.128.0/24 \ --destination 255.255.255.255/32 \ --jump RETURN iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.128.0/24 \ --destination 224.0.0.0/24 \ --jump RETURN iptables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert FORWARD \ --source 192.168.150.0/24 \ --in-interface virbr0 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --destination 192.168.150.0/24 \ --out-interface virbr0 \ --match conntrack \ 
@@ -161,13 +161,13 @@ iptables \ --jump ACCEPT iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.150.0/24 '!' \ --destination 192.168.150.0/24 \ --jump MASQUERADE iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.150.0/24 \ -p udp '!' \ --destination 192.168.150.0/24 \ @@ -175,7 +175,7 @@ iptables \ --to-ports 1024-65535 iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.150.0/24 \ -p tcp '!' \ --destination 192.168.150.0/24 \ @@ -183,19 +183,19 @@ iptables \ --to-ports 1024-65535 iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.150.0/24 \ --destination 255.255.255.255/32 \ --jump RETURN iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.150.0/24 \ --destination 224.0.0.0/24 \ --jump RETURN iptables \ --table mangle \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --out-interface virbr0 \ --protocol udp \ --destination-port 68 \ Index: libvirt-5.1.0/tests/networkxml2firewalldata/nat-no-dhcp-linux.args =================================================================== --- libvirt-5.1.0.orig/tests/networkxml2firewalldata/nat-no-dhcp-linux.args +++ libvirt-5.1.0/tests/networkxml2firewalldata/nat-no-dhcp-linux.args 
@@ -1,100 +1,100 @@ iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol tcp \ --destination-port 67 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol udp \ --destination-port 67 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_OUT \ +--insert OUTPUT \ --out-interface virbr0 \ --protocol udp \ --destination-port 68 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol tcp \ --destination-port 53 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol udp \ --destination-port 53 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert FORWARD \ --in-interface virbr0 \ --jump REJECT iptables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --out-interface virbr0 \ --jump REJECT iptables \ --table filter \ ---insert LIBVIRT_FWX \ +--insert FORWARD \ --in-interface virbr0 \ --out-interface virbr0 \ --jump ACCEPT ip6tables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert FORWARD \ --in-interface virbr0 \ --jump REJECT ip6tables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --out-interface virbr0 \ --jump REJECT ip6tables \ --table filter \ ---insert LIBVIRT_FWX \ +--insert FORWARD \ --in-interface virbr0 \ --out-interface virbr0 \ --jump ACCEPT ip6tables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol tcp \ --destination-port 53 \ --jump ACCEPT ip6tables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol udp \ --destination-port 53 \ --jump ACCEPT ip6tables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol udp \ --destination-port 547 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert 
FORWARD \ --source 192.168.122.0/24 \ --in-interface virbr0 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --destination 192.168.122.0/24 \ --out-interface virbr0 \ --match conntrack \ @@ -102,13 +102,13 @@ iptables \ --jump ACCEPT iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 '!' \ --destination 192.168.122.0/24 \ --jump MASQUERADE iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ -p udp '!' \ --destination 192.168.122.0/24 \ @@ -116,7 +116,7 @@ iptables \ --to-ports 1024-65535 iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ -p tcp '!' \ --destination 192.168.122.0/24 \ @@ -124,25 +124,25 @@ iptables \ --to-ports 1024-65535 iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ --destination 255.255.255.255/32 \ --jump RETURN iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ --destination 224.0.0.0/24 \ --jump RETURN ip6tables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert FORWARD \ --source 2001:db8:ca2:2::/64 \ --in-interface virbr0 \ --jump ACCEPT ip6tables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --destination 2001:db8:ca2:2::/64 \ --out-interface virbr0 \ --jump ACCEPT Index: libvirt-5.1.0/tests/networkxml2firewalldata/nat-tftp-linux.args =================================================================== --- libvirt-5.1.0.orig/tests/networkxml2firewalldata/nat-tftp-linux.args +++ libvirt-5.1.0/tests/networkxml2firewalldata/nat-tftp-linux.args 
@@ -1,70 +1,70 @@ iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol tcp \ --destination-port 67 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol udp \ --destination-port 67 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_OUT \ +--insert OUTPUT \ --out-interface virbr0 \ --protocol udp \ --destination-port 68 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol tcp \ --destination-port 53 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol udp \ --destination-port 53 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_INP \ +--insert INPUT \ --in-interface virbr0 \ --protocol udp \ --destination-port 69 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert FORWARD \ --in-interface virbr0 \ --jump REJECT iptables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --out-interface virbr0 \ --jump REJECT iptables \ --table filter \ ---insert LIBVIRT_FWX \ +--insert FORWARD \ --in-interface virbr0 \ --out-interface virbr0 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWO \ +--insert FORWARD \ --source 192.168.122.0/24 \ --in-interface virbr0 \ --jump ACCEPT iptables \ --table filter \ ---insert LIBVIRT_FWI \ +--insert FORWARD \ --destination 192.168.122.0/24 \ --out-interface virbr0 \ --match conntrack \ @@ -72,13 +72,13 @@ iptables \ --jump ACCEPT iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 '!' \ --destination 192.168.122.0/24 \ --jump MASQUERADE iptables \ --table nat \ ---insert LIBVIRT_PRT \ +--insert POSTROUTING \ --source 192.168.122.0/24 \ -p udp '!' \ --destination 192.168.122.0/24 \ 
@@ -86,7 +86,7 @@ iptables \
 --to-ports 1024-65535
 iptables \
 --table nat \
---insert LIBVIRT_PRT \
+--insert POSTROUTING \
 --source 192.168.122.0/24 \
 -p tcp '!' \
 --destination 192.168.122.0/24 \
@@ -94,19 +94,19 @@ iptables \
 --to-ports 1024-65535
 iptables \
 --table nat \
---insert LIBVIRT_PRT \
+--insert POSTROUTING \
 --source 192.168.122.0/24 \
 --destination 255.255.255.255/32 \
 --jump RETURN
 iptables \
 --table nat \
---insert LIBVIRT_PRT \
+--insert POSTROUTING \
 --source 192.168.122.0/24 \
 --destination 224.0.0.0/24 \
 --jump RETURN
 iptables \
 --table mangle \
---insert LIBVIRT_PRT \
+--insert POSTROUTING \
 --out-interface virbr0 \
 --protocol udp \
 --destination-port 68 \
Index: libvirt-5.1.0/tests/networkxml2firewalldata/route-default-linux.args
===================================================================
--- libvirt-5.1.0.orig/tests/networkxml2firewalldata/route-default-linux.args
+++ libvirt-5.1.0/tests/networkxml2firewalldata/route-default-linux.args
@@ -1,69 +1,69 @@
 iptables \
 --table filter \
---insert LIBVIRT_INP \
+--insert INPUT \
 --in-interface virbr0 \
 --protocol tcp \
 --destination-port 67 \
 --jump ACCEPT
 iptables \
 --table filter \
---insert LIBVIRT_INP \
+--insert INPUT \
 --in-interface virbr0 \
 --protocol udp \
 --destination-port 67 \
 --jump ACCEPT
 iptables \
 --table filter \
---insert LIBVIRT_OUT \
+--insert OUTPUT \
 --out-interface virbr0 \
 --protocol udp \
 --destination-port 68 \
 --jump ACCEPT
 iptables \
 --table filter \
---insert LIBVIRT_INP \
+--insert INPUT \
 --in-interface virbr0 \
 --protocol tcp \
 --destination-port 53 \
 --jump ACCEPT
 iptables \
 --table filter \
---insert LIBVIRT_INP \
+--insert INPUT \
 --in-interface virbr0 \
 --protocol udp \
 --destination-port 53 \
 --jump ACCEPT
 iptables \
 --table filter \
---insert LIBVIRT_FWO \
+--insert FORWARD \
 --in-interface virbr0 \
 --jump REJECT
 iptables \
 --table filter \
---insert LIBVIRT_FWI \
+--insert FORWARD \
 --out-interface virbr0 \
 --jump REJECT
 iptables \
 --table filter \
---insert LIBVIRT_FWX \
+--insert FORWARD \
 --in-interface virbr0 \
 --out-interface virbr0 \
 --jump ACCEPT
 iptables \
 --table filter \
---insert LIBVIRT_FWO \
+--insert FORWARD \
 --source 192.168.122.0/24 \
 --in-interface virbr0 \
 --jump ACCEPT
 iptables \
 --table filter \
---insert LIBVIRT_FWI \
+--insert FORWARD \
 --destination 192.168.122.0/24 \
 --out-interface virbr0 \
 --jump ACCEPT
 iptables \
 --table mangle \
---insert LIBVIRT_PRT \
+--insert POSTROUTING \
 --out-interface virbr0 \
 --protocol udp \
 --destination-port 68 \