After 7431b3eb9a05068e4b libvirt requires "filter", "nat" and
"mangle" tables to exist for both IPv4 and IPv6. This fact was
missed in the news.xml and since we don't have any better place
to advertise that let's update old news.
This was refined in 686803a1a2e and since that is not released
yet create a new entry documenting the refinement.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
Even though the v1 was ACKed, I'm sending v2 because things have changed
since then. The difference to v1 then is that I've introduced a new news
entry for the current release mentioning the refinement. IMO this
reflects the reality the best: 5.1.0, which is released and doesn't
contain the fix does require all 6 tables (even though Dan created
v5.1.0-maint branch where he backported the fix).
docs/news.xml | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/docs/news.xml b/docs/news.xml
index 5c3028e10b..83e965e0f3 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -124,6 +124,18 @@
Report class information for PCI node device capability.
</summary>
</change>
+ <change>
+ <summary>
+ Split setup of IPv4 and IPv6 top level chain
+ </summary>
+ <description>
+ The requirement resulting from private chains improvement done
+ in <code>v5.1.0</code> was refined so that only tables from
+ corresponding IP version are required. This means that if a
+ network doesn't have <code>IPv6</code> enabled then those
+ tables are not required.
+ </description>
+ </change>
</section>
<section title="Bug fixes">
</section>
@@ -202,7 +214,9 @@
Historically firewall rules for virtual networks were added
straight into the base chains. This works but has a number of
bugs and design limitations. To address them, libvirt now puts
- firewall rules into its own chains.
+ firewall rules into its own chains. Note that with this change the
+ <code>filter</code>, <code>nat</code> and <code>mangle</code> tables
+ are required for both <code>IPv4</code> and <code>IPv6</code>.
</description>
</change>
<change>
--
2.19.2
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Mon, Mar 25, 2019 at 11:34:42AM +0100, Michal Privoznik wrote: > After 7431b3eb9a05068e4b libvirt requires "filter", "nat" and > "mangle" tables to exist for both IPv4 and IPv6. This fact was > missed in the news.xml and since we don't have any better place > to advertise that let's update old news. > > This was refined in 686803a1a2e and since that is not released > yet create a new entry documenting the refinement. > > Signed-off-by: Michal Privoznik <mprivozn@redhat.com> > --- > > Even though the v1 was ACKed, I'm sending v2 because things have changed > since then. The difference to v1 then is that I've introduced a new news > entry for the current release mentioning the refinement. IMO this > reflects the reality the best: 5.1.0, which is released and doesn't > contain the fix does require all 6 tables (even though Dan created > v5.1.0-maint branch where he backported the fix). > > docs/news.xml | 16 +++++++++++++++- > 1 file changed, 15 insertions(+), 1 deletion(-) Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
© 2016 - 2024 Red Hat, Inc.