[PATCH v2 0/5] network: firewalld: fix routed network

Eric Garver posted 5 patches 1 year, 11 months ago
Patches applied successfully
git fetch https://github.com/patchew-project/libvirt tags/patchew/20220531190016.183541-1-eric@garver.life
There is a newer version of this series
Posted by Eric Garver 1 year, 11 months ago
This series fixes routed networks when a newer firewalld (>= 1.0.0) is
present [1]. Firewalld 1.0.0 included a change that disallows implicit
forwarding between zones [2]. libvirt was relying on this behavior to
allow routed networks to function.

Firewalld policies are added. Policies have been supported since
firewalld 0.9.0. If the running firewall does not support policies, then
it will fall back to the current zone-only behavior.

v2:
  - keep existing libvirt zone as is
  - remove "<forward />" in libvirt-routed zone because this feature
    requires firewalld >= 0.9.0. Has no impact since the added policies
    allow forwarding libvirt-routed <--> ANY zone (including itself).
  - add probe for policies: virFirewallDGetPolicies(),
    virFirewallDPolicyExists()

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=2055706
[2]: https://github.com/firewalld/firewalld/issues/177

Eric Garver (5):
  util: add virFirewallDGetPolicies()
  util: add virFirewallDPolicyExists()
  network: firewalld: add zone for routed networks
  network: firewalld: add policies for routed networks
  network: firewalld: add support for routed networks

 src/libvirt_private.syms              |  2 +
 src/network/bridge_driver_linux.c     | 11 +++-
 src/network/libvirt-routed-in.policy  | 11 ++++
 src/network/libvirt-routed-out.policy | 12 +++++
 src/network/libvirt-routed.zone       | 10 ++++
 src/network/libvirt-to-host.policy    | 20 ++++++++
 src/network/meson.build               | 20 ++++++++
 src/util/virfirewalld.c               | 72 +++++++++++++++++++++++++++
 src/util/virfirewalld.h               |  2 +
 9 files changed, 159 insertions(+), 1 deletion(-)
 create mode 100644 src/network/libvirt-routed-in.policy
 create mode 100644 src/network/libvirt-routed-out.policy
 create mode 100644 src/network/libvirt-routed.zone
 create mode 100644 src/network/libvirt-to-host.policy

-- 
2.35.3
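For readers who have not worked with firewalld policies: the cover letter describes policies that allow forwarding between the libvirt-routed zone and ANY other zone, which is what zones alone no longer do implicitly since firewalld 1.0.0. The following is an illustrative policy file added here for explanation; it is not one of the files in this series (their contents are not shown above), and the choice of which of libvirt-routed-in / libvirt-routed-out this direction corresponds to is an assumption.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Illustrative firewalld policy, not taken from the libvirt series.
     A policy sits between an ingress zone and an egress zone and decides
     what happens to traffic forwarded between them. Here: packets that
     arrive via the libvirt-routed zone (the routed network's bridge) may be
     forwarded to any other zone. "ANY" is firewalld's wildcard zone name;
     "HOST" would instead match traffic terminating on the host itself.
     The mirror-image policy swaps the ingress and egress zones. -->
<policy target="ACCEPT">
  <short>libvirt-routed-out (example)</short>
  <description>Forward traffic from the routed network to any zone</description>
  <ingress-zone name="libvirt-routed"/>
  <egress-zone name="ANY"/>
</policy>
```

Because a policy with target ACCEPT widens forwarding for everything entering that zone, it is worth keeping the zone name tied to the libvirt bridge interface only, so the policy cannot match traffic from other interfaces. On a host with firewalld >= 0.9.0, `firewall-cmd --get-policies` lists the policies currently defined, which is the same capability the series' virFirewallDGetPolicies() / virFirewallDPolicyExists() probe checks before deciding whether to fall back to zone-only behavior.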