[PATCH] network: add comment to table that it belongs to libvirt

Daniel P. Berrangé via Devel posted 1 patch 2 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20260211201919.1223165-1-berrange@redhat.com
src/network/network_nftables.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
[PATCH] network: add comment to table that it belongs to libvirt
Posted by Daniel P. Berrangé via Devel 2 months ago
From: Daniel P. Berrangé <berrange@redhat.com>

The result looks like

$ nft list ruleset
...snip...
table ip6 libvirt_network {
	comment "Managed by libvirt for virtual networks:   https://libvirt.org/firewall.html#the-virtual-network-driver"
	chain forward {
...snip...

This should reduce the number of people wondering why
these rules exist.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 src/network/network_nftables.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/network/network_nftables.c b/src/network/network_nftables.c
index cffe8072f5..cd46ff8d83 100644
--- a/src/network/network_nftables.c
+++ b/src/network/network_nftables.c
@@ -61,6 +61,10 @@ VIR_LOG_INIT("network.nftables");
 
 #define VIR_NFTABLES_PRIVATE_TABLE "libvirt_network"
 
+#define VIR_NFTABLES_COMMENT \
+    "{ comment \"Managed by libvirt for virtual networks: " \
+    "https://libvirt.org/firewall.html#the-virtual-network-driver\"; }"
+
 /* nftables backend uses the same binary (nft) for all layers, but
  * IPv4 and IPv6 have their rules in separate classes of tables,
  * either "ip" or "ip6". (there is also an "inet" class of tables that
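Review bot: VIR_NFTABLES_COMMENT bakes the whole `{ comment "..."; }` block into one argv element; nft concatenates its arguments before parsing, so that works, but the comment attribute on a table is not understood by every nft release, and on an nft that predates table comment support the entire `add table ... { comment ...; }` command is a syntax error, so the table is not created at all rather than merely created without the comment. The commit message should state the resulting minimum nft version (or the docs page the comment links to should). Minor naming point: the macro name is generic while its text is specific to the private virtual network table; VIR_NFTABLES_PRIVATE_TABLE_COMMENT would read more clearly next to VIR_NFTABLES_PRIVATE_TABLE.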
@@ -165,7 +169,9 @@ nftablesPrivateChainCreate(virFirewall *fw,
 
     if (!tableMatch) {
         virFirewallAddCmd(fw, layer, "add", "table",
-                          layerStr, VIR_NFTABLES_PRIVATE_TABLE, NULL);
+                          layerStr, VIR_NFTABLES_PRIVATE_TABLE,
+                          VIR_NFTABLES_COMMENT,
+                          NULL);
     }
 
     for (i = 0; i < data->nchains; i++) {
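Review bot: the comment is attached only on the `!tableMatch` path, i.e. when the table is created from scratch. A libvirt_network table left over from an earlier libvirt run (a daemon upgrade without a reboot, for example) keeps running without the comment until something recreates it, so the "fewer people wondering why these rules exist" effect only applies to freshly created tables. If that is intended, it deserves a sentence in the commit message; if not, the comment needs to be applied on the tableMatch path as well.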
-- 
2.53.0

Re: [PATCH] network: add comment to table that it belongs to libvirt
Posted by Michal Prívozník via Devel 2 months ago
On 2/11/26 21:19, Daniel P. Berrangé via Devel wrote:
> From: Daniel P. Berrangé <berrange@redhat.com>
> 
> The result looks like
> 
> $ nft list ruleset
> ...snip...
> table ip6 libvirt_network {
> 	comment "Managed by libvirt for virtual networks:   https://libvirt.org/firewall.html#the-virtual-network-driver"
> 	chain forward {
> ...snip...
> 
> This should reduce the number of people wondering why
> these rules exist.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  src/network/network_nftables.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal

Re: [PATCH] network: add comment to table that it belongs to libvirt
Posted by Peter Krempa via Devel 2 months ago
On Wed, Feb 11, 2026 at 20:19:19 +0000, Daniel P. Berrangé via Devel wrote:
> From: Daniel P. Berrangé <berrange@redhat.com>
> 
> The result looks like
> 
> $ nft list ruleset
> ...snip...
> table ip6 libvirt_network {
> 	comment "Managed by libvirt for virtual networks:   https://libvirt.org/firewall.html#the-virtual-network-driver"
> 	chain forward {
> ...snip...
> 
> This should reduce the number of people wondering why
> these rules exist.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  src/network/network_nftables.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)

Reviewed-by: Peter Krempa <pkrempa@redhat.com>