On Thu, Sep 05, 2024 at 01:07:55PM -0400, Laine Stump wrote:
>The whole point of <forward mode='open'/> is to supress libvirt from
>adding any firewall rules for a network, and someone might want to
>create a network with no IP address (i.e. they don't want the guests
>to have connectivity to the host via this interface) and no firewall
>rules (they don't want any, or they want to add their own). So there's
>no reason to fail when a network has <forward mode='open'/> and also
>has no IP address.
>
>Kind-of-Resolves: https://gitlab.com/libvirt/libvirt/-/issues/588
>Signed-off-by: Laine Stump <laine@redhat.com>
>---
> src/conf/network_conf.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
>index 5cf419acf1..3383906c58 100644
>--- a/src/conf/network_conf.c
>+++ b/src/conf/network_conf.c
>@@ -1789,7 +1789,6 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt,
>
> case VIR_NETWORK_FORWARD_ROUTE:
> case VIR_NETWORK_FORWARD_NAT:
>- case VIR_NETWORK_FORWARD_OPEN:
> /* It's pointless to specify L3 forwarding without specifying
> * the network we're on.
> */
>@@ -1806,7 +1805,9 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt,
> def->name);
> return NULL;
> }
>+ break;
>
>+ case VIR_NETWORK_FORWARD_OPEN:
> if (def->forward.type == VIR_NETWORK_FORWARD_OPEN && def->forward.nifs) {
You can remove the "def->forward.type == VIR_NETWORK_FORWARD_OPEN && "
part of the condition in this case.
With that
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
> /* an open network by definition can't place any restrictions
> * on what traffic is allowed or where it goes, so specifying
>--
>2.46.0
>