[PATCH v2 0/1] nwfilter: Check before removing and reinserting iptable base chains

Dion Bosschieter posted 1 patch 1 month, 3 weeks ago
Patches applied successfully
git fetch https://github.com/patchew-project/libvirt tags/patchew/20250716100859.177593-1-dionbosschieter@gmail.com
src/nwfilter/nwfilter_ebiptables_driver.c | 203 +++++++++++++---------
tests/nwfilterxml2firewalltest.c          |  58 +++++--
2 files changed, 163 insertions(+), 98 deletions(-)
Posted by Dion Bosschieter 1 month, 3 weeks ago
Thanks for the feedback. I've applied the iptables -L with a callback
handler. The callback handler then decides whether or not to create the
base chains.

I changed the commit message from
"nwfilter: Avoid firewall hole during VM startup by checking rule presence" to
"nwfilter: Check before removing and reinserting iptable base chains".

I also edited nwfilterxml2firewalltest so it pretends that currently there are
no chains, and I changed the expected order of the commonRules.

Dion Bosschieter (1):
  nwfilter: Check before removing and reinserting iptable base chains

 src/nwfilter/nwfilter_ebiptables_driver.c | 203 +++++++++++++---------
 tests/nwfilterxml2firewalltest.c          |  58 +++++--
 2 files changed, 163 insertions(+), 98 deletions(-)

-- 
2.43.0