+Thu Jan 10 13:57:56 GMT 2008 Mark McLoughlin <markmc@redhat.com>
+
+ * src/iptables.c: now that we only use built-in iptables
+ chains, we don't need to add or delete them
+
Thu Jan 10 13:56:33 GMT 2008 Mark McLoughlin <markmc@redhat.com>
Like --with-iptables-prefix, --with-iptables-dir is no
return NULL;
}
-static int
-iptablesAddRemoveChain(iptRules *rules, int action)
-{
- char **argv;
- int retval = ENOMEM;
- int n, status;
-
- n = 1 + /* /sbin/iptables */
- 2 + /* --table foo */
- 2; /* --new-chain bar */
-
- if (!(argv = calloc(n + 1, sizeof(*argv))))
- goto error;
-
- n = 0;
-
- if (!(argv[n++] = strdup(IPTABLES_PATH)))
- goto error;
-
- if (!(argv[n++] = strdup("--table")))
- goto error;
-
- if (!(argv[n++] = strdup(rules->table)))
- goto error;
-
- if (!(argv[n++] = strdup(action == ADD ? "--new-chain" : "--delete-chain")))
- goto error;
-
- if (!(argv[n++] = strdup(rules->chain)))
- goto error;
-
- if (virRun(NULL, argv, &status) < 0)
- retval = errno;
-
- retval = 0;
-
- error:
- if (argv) {
- n = 0;
- while (argv[n])
- free(argv[n++]);
- free(argv);
- }
-
- return retval;
-}
-
static char *
argvToString(char **argv)
{
goto error;
}
- if (action == ADD &&
- (retval = iptablesAddRemoveChain(rules, action)))
- goto error;
-
if (virRun(NULL, argv, NULL) < 0) {
retval = errno;
goto error;
}
- if (action == REMOVE &&
- (retval = iptablesAddRemoveChain(rules, action)))
- goto error;
-
if (action == ADD) {
retval = iptRulesAppend(rules, rule, argv, command_idx);
rule = NULL;
rule->argv[rule->command_idx] = orig;
}
- if ((retval = iptablesAddRemoveChain(rules, REMOVE)) ||
- (retval = iptablesAddRemoveChain(rules, ADD)))
- qemudLog(QEMUD_WARN, "Failed to re-create chain '%s' in table '%s': %s",
- rules->chain, rules->table, strerror(retval));
-
for (i = 0; i < rules->nrules; i++)
if (virRun(NULL, rules->rules[i].argv, NULL) < 0)
qemudLog(QEMUD_WARN, "Failed to add iptables rule '%s' to chain '%s' in table '%s': %s",
projects / libvirt.git / commitdiff