From: Laine Stump
To: libvir-list@redhat.com
Subject: [libvirt PATCH 04/28] util: rename iptables helpers that will become the frontend for ip&nftables
Date: Sun, 30 Apr 2023 23:19:19 -0400
Message-Id: <20230501031943.288145-5-laine@redhat.com>
In-Reply-To: <20230501031943.288145-1-laine@redhat.com>
References: <20230501031943.288145-1-laine@redhat.com>

These toplevel functions have no iptables-specific code, except that
they each call a lower-level internal function that *is* iptables
specific. As a preparation to supporting use of either iptables or
nftables, rename these functions from iptablesXXX to virNetfilterXXX.

Signed-off-by: Laine Stump
Reviewed-by: Daniel P. Berrangé
---
 src/libvirt_private.syms          |  48 +++---
 src/network/bridge_driver_linux.c | 124 +++++++-------
 src/util/viriptables.c            | 260 +++++++++++++++---------------
 src/util/viriptables.h            |  96 +++++------
 4 files changed, 264 insertions(+), 264 deletions(-)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 73cccf38a1..9f3868bbac 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms 
@@ -2547,33 +2547,33 @@ virInitctlSetRunLevel; =20 =20 # util/viriptables.h -iptablesAddDontMasquerade; -iptablesAddForwardAllowCross; -iptablesAddForwardAllowIn; -iptablesAddForwardAllowOut; -iptablesAddForwardAllowRelatedIn; -iptablesAddForwardMasquerade; -iptablesAddForwardRejectIn; -iptablesAddForwardRejectOut; iptablesAddOutputFixUdpChecksum; -iptablesAddTcpInput; -iptablesAddTcpOutput; -iptablesAddUdpInput; -iptablesAddUdpOutput; -iptablesRemoveDontMasquerade; -iptablesRemoveForwardAllowCross; -iptablesRemoveForwardAllowIn; -iptablesRemoveForwardAllowOut; -iptablesRemoveForwardAllowRelatedIn; -iptablesRemoveForwardMasquerade; -iptablesRemoveForwardRejectIn; -iptablesRemoveForwardRejectOut; iptablesRemoveOutputFixUdpChecksum; -iptablesRemoveTcpInput; -iptablesRemoveTcpOutput; -iptablesRemoveUdpInput; -iptablesRemoveUdpOutput; iptablesSetupPrivateChains; +virNetfilterAddDontMasquerade; +virNetfilterAddForwardAllowCross; +virNetfilterAddForwardAllowIn; +virNetfilterAddForwardAllowOut; +virNetfilterAddForwardAllowRelatedIn; +virNetfilterAddForwardMasquerade; +virNetfilterAddForwardRejectIn; +virNetfilterAddForwardRejectOut; +virNetfilterAddTcpInput; +virNetfilterAddTcpOutput; +virNetfilterAddUdpInput; +virNetfilterAddUdpOutput; +virNetfilterRemoveDontMasquerade; +virNetfilterRemoveForwardAllowCross; +virNetfilterRemoveForwardAllowIn; +virNetfilterRemoveForwardAllowOut; +virNetfilterRemoveForwardAllowRelatedIn; +virNetfilterRemoveForwardMasquerade; +virNetfilterRemoveForwardRejectIn; +virNetfilterRemoveForwardRejectOut; +virNetfilterRemoveTcpInput; +virNetfilterRemoveTcpOutput; +virNetfilterRemoveUdpInput; +virNetfilterRemoveUdpOutput; =20 =20 # util/viriscsi.h diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_= linux.c index 1ef5b9d917..da7d78a40a 100644 --- a/src/network/bridge_driver_linux.c +++ b/src/network/bridge_driver_linux.c 
@@ -322,7 +322,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw, } =20 /* allow forwarding packets from the bridge interface */ - if (iptablesAddForwardAllowOut(fw, + if (virNetfilterAddForwardAllowOut(fw, &ipdef->address, prefix, def->bridge, @@ -332,7 +332,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw, /* allow forwarding packets to the bridge interface if they are * part of an existing connection */ - if (iptablesAddForwardAllowRelatedIn(fw, + if (virNetfilterAddForwardAllowRelatedIn(fw, &ipdef->address, prefix, def->bridge, @@ -372,7 +372,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw, */ =20 /* First the generic masquerade rule for other protocols */ - if (iptablesAddForwardMasquerade(fw, + if (virNetfilterAddForwardMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -382,7 +382,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw, return -1; =20 /* UDP with a source port restriction */ - if (iptablesAddForwardMasquerade(fw, + if (virNetfilterAddForwardMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -392,7 +392,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw, return -1; =20 /* TCP with a source port restriction */ - if (iptablesAddForwardMasquerade(fw, + if (virNetfilterAddForwardMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -403,7 +403,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw, =20 /* exempt local network broadcast address as destination */ if (isIPv4 && - iptablesAddDontMasquerade(fw, + virNetfilterAddDontMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -411,7 +411,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw, return -1; =20 /* exempt local multicast range as destination */ - if (iptablesAddDontMasquerade(fw, + if (virNetfilterAddDontMasquerade(fw, &ipdef->address, prefix, forwardIf, 
@@ -434,7 +434,7 @@ networkRemoveMasqueradingFirewallRules(virFirewall *fw, if (prefix < 0) return 0; =20 - if (iptablesRemoveDontMasquerade(fw, + if (virNetfilterRemoveDontMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -443,14 +443,14 @@ networkRemoveMasqueradingFirewallRules(virFirewall *f= w, return -1; =20 if (isIPv4 && - iptablesRemoveDontMasquerade(fw, + virNetfilterRemoveDontMasquerade(fw, &ipdef->address, prefix, forwardIf, networkLocalBroadcast) < 0) return -1; =20 - if (iptablesRemoveForwardMasquerade(fw, + if (virNetfilterRemoveForwardMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -459,7 +459,7 @@ networkRemoveMasqueradingFirewallRules(virFirewall *fw, "tcp") < 0) return -1; =20 - if (iptablesRemoveForwardMasquerade(fw, + if (virNetfilterRemoveForwardMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -468,7 +468,7 @@ networkRemoveMasqueradingFirewallRules(virFirewall *fw, "udp") < 0) return -1; =20 - if (iptablesRemoveForwardMasquerade(fw, + if (virNetfilterRemoveForwardMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -477,14 +477,14 @@ networkRemoveMasqueradingFirewallRules(virFirewall *f= w, NULL) < 0) return -1; =20 - if (iptablesRemoveForwardAllowRelatedIn(fw, + if (virNetfilterRemoveForwardAllowRelatedIn(fw, &ipdef->address, prefix, def->bridge, forwardIf) < 0) return -1; =20 - if (iptablesRemoveForwardAllowOut(fw, + if (virNetfilterRemoveForwardAllowOut(fw, &ipdef->address, prefix, def->bridge, @@ -511,7 +511,7 @@ networkAddRoutingFirewallRules(virFirewall *fw, } =20 /* allow routing packets from the bridge interface */ - if (iptablesAddForwardAllowOut(fw, + if (virNetfilterAddForwardAllowOut(fw, &ipdef->address, prefix, def->bridge, @@ -519,7 +519,7 @@ networkAddRoutingFirewallRules(virFirewall *fw, return -1; =20 /* allow routing packets to the bridge interface */ - if (iptablesAddForwardAllowIn(fw, + if (virNetfilterAddForwardAllowIn(fw, &ipdef->address, prefix, def->bridge, 
@@ -541,14 +541,14 @@ networkRemoveRoutingFirewallRules(virFirewall *fw, if (prefix < 0) return 0; =20 - if (iptablesRemoveForwardAllowIn(fw, + if (virNetfilterRemoveForwardAllowIn(fw, &ipdef->address, prefix, def->bridge, forwardIf) < 0) return -1; =20 - if (iptablesRemoveForwardAllowOut(fw, + if (virNetfilterRemoveForwardAllowOut(fw, &ipdef->address, prefix, def->bridge, 
@@ -576,29 +576,29 @@ networkAddGeneralIPv4FirewallRules(virFirewall *fw, } =20 /* allow DHCP requests through to dnsmasq & back out */ - iptablesAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67); - iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67); - iptablesAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68); - iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68); + virNetfilterAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67); + virNetfilterAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67); + virNetfilterAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68); + virNetfilterAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68); =20 /* allow DNS requests through to dnsmasq & back out */ - iptablesAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); - iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); - iptablesAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); - iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); + virNetfilterAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); + virNetfilterAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); + virNetfilterAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); + virNetfilterAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); =20 /* allow TFTP requests through to dnsmasq if necessary & back out */ if (ipv4def && ipv4def->tftproot) { - iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69); - iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69); + virNetfilterAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, = 69); + virNetfilterAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge,= 69); } =20 /* Catch all rules to block forwarding to/from bridges */ - iptablesAddForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge); - iptablesAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge); + virNetfilterAddForwardRejectOut(fw, 
VIR_FIREWALL_LAYER_IPV4, def->brid= ge); + virNetfilterAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, def->bridg= e); =20 /* Allow traffic between guests on the same bridge */ - iptablesAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge); + virNetfilterAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, def->bri= dge); } =20 static void 
@@ -615,24 +615,24 @@ networkRemoveGeneralIPv4FirewallRules(virFirewall *fw, break; } =20 - iptablesRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, def->brid= ge); - iptablesRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge= ); - iptablesRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV4, def->bridg= e); + virNetfilterRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, def->= bridge); + virNetfilterRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, def->br= idge); + virNetfilterRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV4, def->b= ridge); =20 if (ipv4def && ipv4def->tftproot) { - iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 6= 9); - iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, = 69); + virNetfilterRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridg= e, 69); + virNetfilterRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->brid= ge, 69); } =20 - iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); - iptablesRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); - iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); - iptablesRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); + virNetfilterRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 5= 3); + virNetfilterRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 5= 3); + virNetfilterRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, = 53); + virNetfilterRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, = 53); =20 - iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68); - iptablesRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68); - iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67); - iptablesRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67); + virNetfilterRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, = 68); + virNetfilterRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, = 68); + 
virNetfilterRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 6= 7); + virNetfilterRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 6= 7); } =20 =20 @@ -651,21 +651,21 @@ networkAddGeneralIPv6FirewallRules(virFirewall *fw, } =20 /* Catch all rules to block forwarding to/from bridges */ - iptablesAddForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge); - iptablesAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge); + virNetfilterAddForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, def->brid= ge); + virNetfilterAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, def->bridg= e); =20 /* Allow traffic between guests on the same bridge */ - iptablesAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge); + virNetfilterAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, def->bri= dge); =20 if (virNetworkDefGetIPByIndex(def, AF_INET6, 0)) { /* allow DNS over IPv6 & back out */ - iptablesAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); - iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); - iptablesAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); - iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); + virNetfilterAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, = 53); + virNetfilterAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, = 53); + virNetfilterAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge,= 53); + virNetfilterAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge,= 53); /* allow DHCPv6 & back out */ - iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 547); - iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 546= ); + virNetfilterAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, = 547); + virNetfilterAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge,= 546); } } =20 
@@ -679,20 +679,20 @@ networkRemoveGeneralIPv6FirewallRules(virFirewall *fw, } =20 if (virNetworkDefGetIPByIndex(def, AF_INET6, 0)) { - iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, = 546); - iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 5= 47); - iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, = 53); - iptablesRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, = 53); - iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 5= 3); - iptablesRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 5= 3); + virNetfilterRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->brid= ge, 546); + virNetfilterRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridg= e, 547); + virNetfilterRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->brid= ge, 53); + virNetfilterRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->brid= ge, 53); + virNetfilterRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridg= e, 53); + virNetfilterRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridg= e, 53); } =20 /* the following rules are there if no IPv6 address has been defined * but def->ipv6nogw =3D=3D true */ - iptablesRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, def->brid= ge); - iptablesRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge= ); - iptablesRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, def->bridg= e); + virNetfilterRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, def->= bridge); + virNetfilterRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, def->br= idge); + virNetfilterRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, def->b= ridge); } =20 =20 diff --git a/src/util/viriptables.c b/src/util/viriptables.c index 018021bc1b..8db5bb3e4b 100644 --- a/src/util/viriptables.c +++ b/src/util/viriptables.c 
@@ -198,7 +198,7 @@ iptablesOutput(virFirewall *fw, } =20 /** - * iptablesAddTcpInput: + * virNetfilterAddTcpInput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the TCP port to add @@ -207,16 +207,16 @@ iptablesOutput(virFirewall *fw, * the given @iface interface for TCP packets */ void -iptablesAddTcpInput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterAddTcpInput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesInput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 1); } =20 /** - * iptablesRemoveTcpInput: + * virNetfilterRemoveTcpInput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the TCP port to remove @@ -225,16 +225,16 @@ iptablesAddTcpInput(virFirewall *fw, * @port on the given @iface interface for TCP packets */ void -iptablesRemoveTcpInput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterRemoveTcpInput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesInput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 1); } =20 /** - * iptablesAddUdpInput: + * virNetfilterAddUdpInput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the UDP port to add @@ -243,16 +243,16 @@ iptablesRemoveTcpInput(virFirewall *fw, * the given @iface interface for UDP packets */ void -iptablesAddUdpInput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterAddUdpInput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesInput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 0); } =20 /** - * iptablesRemoveUdpInput: + * virNetfilterRemoveUdpInput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the UDP port to remove 
@@ -261,16 +261,16 @@ iptablesAddUdpInput(virFirewall *fw, * @port on the given @iface interface for UDP packets */ void -iptablesRemoveUdpInput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterRemoveUdpInput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesInput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 0); } =20 /** - * iptablesAddTcpOutput: + * virNetfilterAddTcpOutput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the TCP port to add @@ -279,16 +279,16 @@ iptablesRemoveUdpInput(virFirewall *fw, * the given @iface interface for TCP packets */ void -iptablesAddTcpOutput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterAddTcpOutput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 1); } =20 /** - * iptablesRemoveTcpOutput: + * virNetfilterRemoveTcpOutput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the UDP port to remove @@ -297,16 +297,16 @@ iptablesAddTcpOutput(virFirewall *fw, * @port from the given @iface interface for TCP packets */ void -iptablesRemoveTcpOutput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterRemoveTcpOutput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 1); } =20 /** - * iptablesAddUdpOutput: + * virNetfilterAddUdpOutput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the UDP port to add 
@@ -315,16 +315,16 @@ iptablesRemoveTcpOutput(virFirewall *fw, * the given @iface interface for UDP packets */ void -iptablesAddUdpOutput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterAddUdpOutput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 0); } =20 /** - * iptablesRemoveUdpOutput: + * virNetfilterRemoveUdpOutput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the UDP port to remove @@ -333,10 +333,10 @@ iptablesAddUdpOutput(virFirewall *fw, * @port from the given @iface interface for UDP packets */ void -iptablesRemoveUdpOutput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterRemoveUdpOutput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 0); } @@ -384,7 +384,7 @@ iptablesForwardAllowOut(virFirewall *fw, } =20 /** - * iptablesAddForwardAllowOut: + * virNetfilterAddForwardAllowOut: * @ctx: pointer to the IP table context * @network: the source network name * @iface: the source interface name @@ -397,18 +397,18 @@ iptablesForwardAllowOut(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesAddForwardAllowOut(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +virNetfilterAddForwardAllowOut(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) { return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev, VIR_NETFILTER_INSERT); } =20 /** - * iptablesRemoveForwardAllowOut: + * virNetfilterRemoveForwardAllowOut: * @ctx: pointer to the IP table context * @network: the source network name * @iface: the source interface name 
@@ -421,11 +421,11 @@ iptablesAddForwardAllowOut(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesRemoveForwardAllowOut(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +virNetfilterRemoveForwardAllowOut(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) { return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev, VIR_NETFILTER_DELETE); @@ -478,7 +478,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw, } =20 /** - * iptablesAddForwardAllowRelatedIn: + * virNetfilterAddForwardAllowRelatedIn: * @ctx: pointer to the IP table context * @network: the source network name * @iface: the output interface name @@ -491,18 +491,18 @@ iptablesForwardAllowRelatedIn(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesAddForwardAllowRelatedIn(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +virNetfilterAddForwardAllowRelatedIn(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) { return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physd= ev, VIR_NETFILTER_INSERT); } =20 /** - * iptablesRemoveForwardAllowRelatedIn: + * virNetfilterRemoveForwardAllowRelatedIn: * @ctx: pointer to the IP table context * @network: the source network name * @iface: the output interface name 
@@ -515,11 +515,11 @@ iptablesAddForwardAllowRelatedIn(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesRemoveForwardAllowRelatedIn(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +virNetfilterRemoveForwardAllowRelatedIn(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) { return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physd= ev, VIR_NETFILTER_DELETE); @@ -565,7 +565,7 @@ iptablesForwardAllowIn(virFirewall *fw, } =20 /** - * iptablesAddForwardAllowIn: + * virNetfilterAddForwardAllowIn: * @ctx: pointer to the IP table context * @network: the source network name * @iface: the output interface name @@ -578,18 +578,18 @@ iptablesForwardAllowIn(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesAddForwardAllowIn(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +virNetfilterAddForwardAllowIn(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) { return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev, VIR_NETFILTER_INSERT); } =20 /** - * iptablesRemoveForwardAllowIn: + * virNetfilterRemoveForwardAllowIn: * @ctx: pointer to the IP table context * @network: the source network name * @iface: the output interface name @@ -602,11 +602,11 @@ iptablesAddForwardAllowIn(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesRemoveForwardAllowIn(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +virNetfilterRemoveForwardAllowIn(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) { return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev, VIR_NETFILTER_DELETE); 
@@ -629,7 +629,7 @@ iptablesForwardAllowCross(virFirewall *fw, } =20 /** - * iptablesAddForwardAllowCross: + * virNetfilterAddForwardAllowCross: * @ctx: pointer to the IP table context * @iface: the input/output interface name * @@ -640,15 +640,15 @@ iptablesForwardAllowCross(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ void -iptablesAddForwardAllowCross(virFirewall *fw, - virFirewallLayer layer, - const char *iface) +virNetfilterAddForwardAllowCross(virFirewall *fw, + virFirewallLayer layer, + const char *iface) { iptablesForwardAllowCross(fw, layer, iface, VIR_NETFILTER_INSERT); } =20 /** - * iptablesRemoveForwardAllowCross: + * virNetfilterRemoveForwardAllowCross: * @ctx: pointer to the IP table context * @iface: the input/output interface name * @@ -659,9 +659,9 @@ iptablesAddForwardAllowCross(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ void -iptablesRemoveForwardAllowCross(virFirewall *fw, - virFirewallLayer layer, - const char *iface) +virNetfilterRemoveForwardAllowCross(virFirewall *fw, + virFirewallLayer layer, + const char *iface) { iptablesForwardAllowCross(fw, layer, iface, VIR_NETFILTER_DELETE); } @@ -682,7 +682,7 @@ iptablesForwardRejectOut(virFirewall *fw, } =20 /** - * iptablesAddForwardRejectOut: + * virNetfilterAddForwardRejectOut: * @ctx: pointer to the IP table context * @iface: the output interface name * @@ -692,15 +692,15 @@ iptablesForwardRejectOut(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ void -iptablesAddForwardRejectOut(virFirewall *fw, - virFirewallLayer layer, - const char *iface) +virNetfilterAddForwardRejectOut(virFirewall *fw, + virFirewallLayer layer, + const char *iface) { iptablesForwardRejectOut(fw, layer, iface, VIR_NETFILTER_INSERT); } =20 /** - * iptablesRemoveForwardRejectOut: + * virNetfilterRemoveForwardRejectOut: * @ctx: pointer to the IP table context * @iface: the output interface name * 
@@ -710,9 +710,9 @@ iptablesAddForwardRejectOut(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ void -iptablesRemoveForwardRejectOut(virFirewall *fw, - virFirewallLayer layer, - const char *iface) +virNetfilterRemoveForwardRejectOut(virFirewall *fw, + virFirewallLayer layer, + const char *iface) { iptablesForwardRejectOut(fw, layer, iface, VIR_NETFILTER_DELETE); } @@ -734,7 +734,7 @@ iptablesForwardRejectIn(virFirewall *fw, } =20 /** - * iptablesAddForwardRejectIn: + * virNetfilterAddForwardRejectIn: * @ctx: pointer to the IP table context * @iface: the input interface name * @@ -744,15 +744,15 @@ iptablesForwardRejectIn(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ void -iptablesAddForwardRejectIn(virFirewall *fw, - virFirewallLayer layer, - const char *iface) +virNetfilterAddForwardRejectIn(virFirewall *fw, + virFirewallLayer layer, + const char *iface) { iptablesForwardRejectIn(fw, layer, iface, VIR_NETFILTER_INSERT); } =20 /** - * iptablesRemoveForwardRejectIn: + * virNetfilterRemoveForwardRejectIn: * @ctx: pointer to the IP table context * @iface: the input interface name * @@ -762,9 +762,9 @@ iptablesAddForwardRejectIn(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ void -iptablesRemoveForwardRejectIn(virFirewall *fw, - virFirewallLayer layer, - const char *iface) +virNetfilterRemoveForwardRejectIn(virFirewall *fw, + virFirewallLayer layer, + const char *iface) { iptablesForwardRejectIn(fw, layer, iface, VIR_NETFILTER_DELETE); } @@ -869,7 +869,7 @@ iptablesForwardMasquerade(virFirewall *fw, } =20 /** - * iptablesAddForwardMasquerade: + * virNetfilterAddForwardMasquerade: * @ctx: pointer to the IP table context * @network: the source network name * @physdev: the physical input device or NULL 
@@ -882,13 +882,13 @@ iptablesForwardMasquerade(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesAddForwardMasquerade(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - virSocketAddrRange *addr, - virPortRange *port, - const char *protocol) +virNetfilterAddForwardMasquerade(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *physdev, + virSocketAddrRange *addr, + virPortRange *port, + const char *protocol) { return iptablesForwardMasquerade(fw, netaddr, prefix, physdev, addr, port, protocol, @@ -896,7 +896,7 @@ iptablesAddForwardMasquerade(virFirewall *fw, } =20 /** - * iptablesRemoveForwardMasquerade: + * virNetfilterRemoveForwardMasquerade: * @ctx: pointer to the IP table context * @network: the source network name * @physdev: the physical input device or NULL @@ -909,13 +909,13 @@ iptablesAddForwardMasquerade(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesRemoveForwardMasquerade(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - virSocketAddrRange *addr, - virPortRange *port, - const char *protocol) +virNetfilterRemoveForwardMasquerade(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *physdev, + virSocketAddrRange *addr, + virPortRange *port, + const char *protocol) { return iptablesForwardMasquerade(fw, netaddr, prefix, physdev, addr, port, protocol, @@ -965,7 +965,7 @@ iptablesForwardDontMasquerade(virFirewall *fw, } =20 /** - * iptablesAddDontMasquerade: + * virNetfilterAddDontMasquerade: * @netaddr: the source network name * @prefix: prefix (# of 1 bits) of netmask to apply to @netaddr * @physdev: the physical output device or NULL 
@@ -973,24 +973,24 @@ iptablesForwardDontMasquerade(virFirewall *fw, * * Add rules to the IP table context to avoid masquerading from * @netaddr/@prefix to @destaddr on @physdev. @destaddr must be in a format - * directly consumable by iptables, it must not depend on user input or + * directly consumable by iptables/nftables, it must not depend on user in= put or * configuration. * * Returns 0 in case of success or an error code otherwise. */ int -iptablesAddDontMasquerade(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - const char *destaddr) +virNetfilterAddDontMasquerade(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *physdev, + const char *destaddr) { return iptablesForwardDontMasquerade(fw, netaddr, prefix, physdev, destaddr, VIR_NETFILTER_= INSERT); } =20 /** - * iptablesRemoveDontMasquerade: + * virNetfilterRemoveDontMasquerade: * @netaddr: the source network name * @prefix: prefix (# of 1 bits) of netmask to apply to @netaddr * @physdev: the physical output device or NULL @@ -998,17 +998,17 @@ iptablesAddDontMasquerade(virFirewall *fw, * * Remove rules from the IP table context that prevent masquerading from * @netaddr/@prefix to @destaddr on @physdev. @destaddr must be in a format - * directly consumable by iptables, it must not depend on user input or + * directly consumable by iptables/nftables, it must not depend on user in= put or * configuration. * * Returns 0 in case of success or an error code otherwise. */ int -iptablesRemoveDontMasquerade(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - const char *destaddr) +virNetfilterRemoveDontMasquerade(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *physdev, + const char *destaddr) { return iptablesForwardDontMasquerade(fw, netaddr, prefix, physdev, destaddr, diff --git a/src/util/viriptables.h b/src/util/viriptables.h index bb13f3292d..610c4dccde 100644 
--- a/src/util/viriptables.h +++ b/src/util/viriptables.h 
@@ -25,101 +25,101 @@ =20 int iptablesSetupPrivateChains (virFirewallLayer layer); =20 -void iptablesAddTcpInput (virFirewall *fw, +void virNetfilterAddTcpInput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); -void iptablesRemoveTcpInput (virFirewall *fw, +void virNetfilterRemoveTcpInput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); =20 -void iptablesAddUdpInput (virFirewall *fw, +void virNetfilterAddUdpInput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); -void iptablesRemoveUdpInput (virFirewall *fw, +void virNetfilterRemoveUdpInput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); =20 -void iptablesAddTcpOutput (virFirewall *fw, +void virNetfilterAddTcpOutput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); -void iptablesRemoveTcpOutput (virFirewall *fw, +void virNetfilterRemoveTcpOutput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); -void iptablesAddUdpOutput (virFirewall *fw, +void virNetfilterAddUdpOutput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); -void iptablesRemoveUdpOutput (virFirewall *fw, +void virNetfilterRemoveUdpOutput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); =20 -int iptablesAddForwardAllowOut (virFirewall *fw, +int virNetfilterAddForwardAllowOut (virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, const char *iface, const char *physdev) G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardAllowOut (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +int virNetfilterRemoveForwardAllowOut(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) G_GNUC_WARN_UNUSED_RESULT; -int iptablesAddForwardAllowRelatedIn(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +int 
virNetfilterAddForwardAllowRelatedIn(virFirewall *fw, + virSocketAddr *netad= dr, + unsigned int prefix, + const char *iface, + const char *physdev) G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardAllowRelatedIn(virFirewall *fw, - virSocketAddr *netadd= r, - unsigned int prefix, - const char *iface, - const char *physdev) +int virNetfilterRemoveForwardAllowRelatedIn(virFirewall *fw, + virSocketAddr *ne= taddr, + unsigned int pref= ix, + const char *iface, + const char *physd= ev) G_GNUC_WARN_UNUSED_RESULT; =20 -int iptablesAddForwardAllowIn (virFirewall *fw, +int virNetfilterAddForwardAllowIn (virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, const char *iface, const char *physdev) G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardAllowIn (virFirewall *fw, +int virNetfilterRemoveForwardAllowIn(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, const char *iface, const char *physdev) G_GNUC_WARN_UNUSED_RESULT; =20 -void iptablesAddForwardAllowCross (virFirewall *fw, - virFirewallLayer layer, - const char *iface); -void iptablesRemoveForwardAllowCross (virFirewall *fw, +void virNetfilterAddForwardAllowCross(virFirewall *fw, virFirewallLayer layer, const char *iface); +void virNetfilterRemoveForwardAllowCross(virFirewall *fw, + virFirewallLayer laye= r, + const char *iface); =20 -void iptablesAddForwardRejectOut (virFirewall *fw, - virFirewallLayer layer, - const char *iface); -void iptablesRemoveForwardRejectOut (virFirewall *fw, +void virNetfilterAddForwardRejectOut (virFirewall *fw, virFirewallLayer layer, const char *iface); +void virNetfilterRemoveForwardRejectOut(virFirewall *fw, + virFirewallLayer layer, + const char *iface); =20 -void iptablesAddForwardRejectIn (virFirewall *fw, +void virNetfilterAddForwardRejectIn (virFirewall *fw, virFirewallLayer layer, const char *iface); -void iptablesRemoveForwardRejectIn (virFirewall *fw, - virFirewallLayer layery, - const char *iface); +void virNetfilterRemoveForwardRejectIn(virFirewall 
*fw, + virFirewallLayer layery, + const char *iface); =20 -int iptablesAddForwardMasquerade (virFirewall *fw, +int virNetfilterAddForwardMasquerade(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, const char *physdev, @@ -127,21 +127,21 @@ int iptablesAddForwardMasquerade (vir= Firewall *fw, virPortRange *port, const char *protocol) G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardMasquerade (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - virSocketAddrRange *addr, - virPortRange *port, - const char *protocol) +int virNetfilterRemoveForwardMasquerade(virFirewall *fw, + virSocketAddr *netadd= r, + unsigned int prefix, + const char *physdev, + virSocketAddrRange *a= ddr, + virPortRange *port, + const char *protocol) G_GNUC_WARN_UNUSED_RESULT; -int iptablesAddDontMasquerade (virFirewall *fw, +int virNetfilterAddDontMasquerade (virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, const char *physdev, const char *destaddr) G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveDontMasquerade (virFirewall *fw, +int virNetfilterRemoveDontMasquerade(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, const char *physdev, --=20 2.39.2
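Review bot: the doc comments renamed in viriptables.c still describe a signature these functions do not have. For example, the blocks above virNetfilterAddForwardAllowCross, virNetfilterAddForwardRejectOut and virNetfilterAddForwardRejectIn keep "@ctx: pointer to the IP table context" and "Returns 0 in case of success or an error code otherwise", while the functions take `virFirewall *fw` and `virFirewallLayer layer` and return void. The masquerade blocks likewise document @ctx and @network although the parameters are fw, netaddr and prefix. The patch already rewrites the first line of every one of these comments, so it is the natural place to replace @ctx with @fw/@layer, rename @network to @netaddr, and drop the Returns line from the void functions.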
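Review bot: in the comments for virNetfilterAddDontMasquerade and virNetfilterRemoveDontMasquerade, the constraint on @destaddr is widened to "directly consumable by iptables/nftables", but both wrappers still delegate to iptablesForwardDontMasquerade, so only the iptables format is exercised by the visible code. Because this comment is the only guard on a string that is passed through without validation ("it must not depend on user input or configuration"), it should stay exact: either keep "iptables" until a second backend consumes @destaddr, or state which textual form callers must supply so that it is valid for both. The sentence would also read better split in two at the comma.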
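Review bot: in viriptables.h the declaration of virNetfilterRemoveForwardRejectIn carries over the parameter name `layery` from the old prototype; since the line is being rewritten anyway, correct it to `layer` to match the definition in viriptables.c. Two style points in the same hunk: iptablesSetupPrivateChains keeps the old prefix while every other prototype is renamed, which is worth a word of explanation if intentional, and the renamed prototypes mix "name (" with padding and "name(" without, so the column alignment the header had before is lost. Picking one form for all of them would keep later diffs to this header small.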