network: rename chains used by network driver nftables backend

Because the chains added by the network driver nftables backend will
go into a table used only by libvirt, we don't need to have "libvirt"
in the chain names. Instead, we can make them more descriptive and
less abrasive (by using lower case, and using full words rather than
abbreviations).

Also (again because nobody else is using the private "libvirt_network"
table) we can directly put our rules into the input ("guest_to_host"),
output ("host_to_guest"), and postrouting ("guest_nat") chains rather
than creating a subordinate chain as done in the iptables backend.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/src/network/network_nftables.c b/src/network/network_nftables.c
index ec9194a8b8c03d9c36f8046f891a3c016627d9f8..12a2d4c6adf93b3d5712591c41cf065f31b3ab94 100644 (file)
--- a/src/network/network_nftables.c
+++ b/src/network/network_nftables.c
@@ -40,12 +40,13 @@ VIR_LOG_INIT("network.nftables");
 
 #define VIR_FROM_THIS VIR_FROM_NONE
 
-#define VIR_NFTABLES_INPUT_CHAIN "LIBVIRT_INP"
-#define VIR_NFTABLES_OUTPUT_CHAIN "LIBVIRT_OUT"
-#define VIR_NFTABLES_FWD_IN_CHAIN "LIBVIRT_FWI"
-#define VIR_NFTABLES_FWD_OUT_CHAIN "LIBVIRT_FWO"
-#define VIR_NFTABLES_FWD_X_CHAIN "LIBVIRT_FWX"
-#define VIR_NFTABLES_NAT_POSTROUTE_CHAIN "LIBVIRT_PRT"
+#define VIR_NFTABLES_INPUT_CHAIN "guest_to_host"
+#define VIR_NFTABLES_OUTPUT_CHAIN "host_to_guest"
+#define VIR_NFTABLES_FORWARD_CHAIN "forward"
+#define VIR_NFTABLES_FWD_IN_CHAIN "guest_input"
+#define VIR_NFTABLES_FWD_OUT_CHAIN "guest_output"
+#define VIR_NFTABLES_FWD_X_CHAIN "guest_cross"
+#define VIR_NFTABLES_NAT_POSTROUTE_CHAIN "guest_nat"
 
 /* we must avoid using the standard "filter" table as used by
  * iptables, as any subsequent attempts to use iptables commands will
@@ -87,18 +88,15 @@ typedef struct {
 
 nftablesGlobalChain nftablesChains[] = {
     /* chains for filter rules */
-    {NULL, "INPUT", "{ type filter hook input priority 0; policy accept; }"},
-    {NULL, "FORWARD", "{ type filter hook forward priority 0; policy accept; }"},
-    {NULL, "OUTPUT", "{ type filter hook output priority 0; policy accept; }"},
-    {"INPUT", VIR_NFTABLES_INPUT_CHAIN, NULL},
-    {"OUTPUT", VIR_NFTABLES_OUTPUT_CHAIN, NULL},
-    {"FORWARD", VIR_NFTABLES_FWD_OUT_CHAIN, NULL},
-    {"FORWARD", VIR_NFTABLES_FWD_IN_CHAIN, NULL},
-    {"FORWARD", VIR_NFTABLES_FWD_X_CHAIN, NULL},
+    {NULL, VIR_NFTABLES_INPUT_CHAIN, "{ type filter hook input priority 0; policy accept; }"},
+    {NULL, VIR_NFTABLES_FORWARD_CHAIN, "{ type filter hook forward priority 0; policy accept; }"},
+    {NULL, VIR_NFTABLES_OUTPUT_CHAIN, "{ type filter hook output priority 0; policy accept; }"},
+    {VIR_NFTABLES_FORWARD_CHAIN, VIR_NFTABLES_FWD_OUT_CHAIN, NULL},
+    {VIR_NFTABLES_FORWARD_CHAIN, VIR_NFTABLES_FWD_IN_CHAIN, NULL},
+    {VIR_NFTABLES_FORWARD_CHAIN, VIR_NFTABLES_FWD_X_CHAIN, NULL},
 
     /* chains for NAT rules */
-    {NULL, "POSTROUTING", "{ type nat hook postrouting priority 100; policy accept; }"},
-    {"POSTROUTING",  VIR_NFTABLES_NAT_POSTROUTE_CHAIN, NULL},
+    {NULL, VIR_NFTABLES_NAT_POSTROUTE_CHAIN, "{ type nat hook postrouting priority 100; policy accept; }"},
 };
 
 

diff --git a/tests/networkxml2firewalldata/nat-default-linux.nftables b/tests/networkxml2firewalldata/nat-default-linux.nftables
index 92b3dd7fc03de7517590f7ca535e8a7724bc3dd1..8b6e0ba406fb23b2d9a7f2942df19123432a0a65 100644 (file)
--- a/tests/networkxml2firewalldata/nat-default-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-default-linux.nftables
@@ -3,7 +3,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -16,7 +16,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -29,7 +29,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -42,7 +42,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -55,7 +55,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -68,7 +68,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -81,7 +81,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -94,7 +94,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -107,7 +107,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 iifname \
 virbr0 \
 counter \
@@ -117,7 +117,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 counter \
@@ -127,7 +127,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWX \
+guest_cross \
 iifname \
 virbr0 \
 oifname \
@@ -139,7 +139,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -152,7 +152,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 ip \
@@ -168,7 +168,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -183,7 +183,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 udp \
@@ -203,7 +203,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 tcp \
@@ -223,7 +223,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -237,7 +237,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \

diff --git a/tests/networkxml2firewalldata/nat-ipv6-linux.nftables b/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
index f8317415cf4a292d43db4044009f51632bd311f0..03fb7397cd2d11f024873338ded2ed1e23631347 100644 (file)
--- a/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
@@ -3,7 +3,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -16,7 +16,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -29,7 +29,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -42,7 +42,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -55,7 +55,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -68,7 +68,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -81,7 +81,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -94,7 +94,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -107,7 +107,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 iifname \
 virbr0 \
 counter \
@@ -117,7 +117,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 counter \
@@ -127,7 +127,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWX \
+guest_cross \
 iifname \
 virbr0 \
 oifname \
@@ -139,7 +139,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 iifname \
 virbr0 \
 counter \
@@ -149,7 +149,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 counter \
@@ -159,7 +159,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_FWX \
+guest_cross \
 iifname \
 virbr0 \
 oifname \
@@ -171,7 +171,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -184,7 +184,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -197,7 +197,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -210,7 +210,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -223,7 +223,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -236,7 +236,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -249,7 +249,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -262,7 +262,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 ip \
@@ -278,7 +278,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -293,7 +293,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 udp \
@@ -313,7 +313,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 tcp \
@@ -333,7 +333,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -347,7 +347,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -361,7 +361,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 ip6 \
 saddr \
 2001:db8:ca2:2::/64 \
@@ -374,7 +374,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 ip6 \
 daddr \
 2001:db8:ca2:2::/64 \

diff --git a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
index a15b38478bdc885c7d4112ab44457066bf04d45d..012a3d5d47a5fabc44270edd9d9aacc0eb419a02 100644 (file)
--- a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
@@ -3,7 +3,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -16,7 +16,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -29,7 +29,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -42,7 +42,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -55,7 +55,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -68,7 +68,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -81,7 +81,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -94,7 +94,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -107,7 +107,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 iifname \
 virbr0 \
 counter \
@@ -117,7 +117,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 counter \
@@ -127,7 +127,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWX \
+guest_cross \
 iifname \
 virbr0 \
 oifname \
@@ -139,7 +139,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 iifname \
 virbr0 \
 counter \
@@ -149,7 +149,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 counter \
@@ -159,7 +159,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_FWX \
+guest_cross \
 iifname \
 virbr0 \
 oifname \
@@ -171,7 +171,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -184,7 +184,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -197,7 +197,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -210,7 +210,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -223,7 +223,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -236,7 +236,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -249,7 +249,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -262,7 +262,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 ip \
@@ -278,7 +278,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -293,7 +293,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 udp \
@@ -313,7 +313,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 tcp \
@@ -333,7 +333,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -347,7 +347,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -361,7 +361,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 ip6 \
 saddr \
 2001:db8:ca2:2::/64 \
@@ -374,7 +374,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 ip6 \
@@ -390,7 +390,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip6 \
 saddr \
 2001:db8:ca2:2::/64 \
@@ -405,7 +405,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 udp \
@@ -425,7 +425,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 tcp \
@@ -445,7 +445,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip6 \
 saddr \
 2001:db8:ca2:2::/64 \

diff --git a/tests/networkxml2firewalldata/nat-many-ips-linux.nftables b/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
index bd88ec9d836e86d88b515cbc792595ad63ab1716..029274ea06e374b01c725a41845dbf35a8215654 100644 (file)
--- a/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
@@ -3,7 +3,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -16,7 +16,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -29,7 +29,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -42,7 +42,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -55,7 +55,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -68,7 +68,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -81,7 +81,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -94,7 +94,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -107,7 +107,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 iifname \
 virbr0 \
 counter \
@@ -117,7 +117,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 counter \
@@ -127,7 +127,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWX \
+guest_cross \
 iifname \
 virbr0 \
 oifname \
@@ -139,7 +139,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -152,7 +152,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 ip \
@@ -168,7 +168,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -183,7 +183,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 udp \
@@ -203,7 +203,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 tcp \
@@ -223,7 +223,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -237,7 +237,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -251,7 +251,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 ip \
 saddr \
 192.168.128.0/24 \
@@ -264,7 +264,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 ip \
@@ -280,7 +280,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.128.0/24 \
@@ -295,7 +295,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 udp \
@@ -315,7 +315,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 tcp \
@@ -335,7 +335,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.128.0/24 \
@@ -349,7 +349,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.128.0/24 \
@@ -363,7 +363,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 ip \
 saddr \
 192.168.150.0/24 \
@@ -376,7 +376,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 ip \
@@ -392,7 +392,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.150.0/24 \
@@ -407,7 +407,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 udp \
@@ -427,7 +427,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 tcp \
@@ -447,7 +447,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.150.0/24 \
@@ -461,7 +461,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.150.0/24 \

diff --git a/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables b/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
index f8317415cf4a292d43db4044009f51632bd311f0..03fb7397cd2d11f024873338ded2ed1e23631347 100644 (file)
--- a/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
@@ -3,7 +3,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -16,7 +16,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -29,7 +29,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -42,7 +42,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -55,7 +55,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -68,7 +68,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -81,7 +81,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -94,7 +94,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -107,7 +107,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 iifname \
 virbr0 \
 counter \
@@ -117,7 +117,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 counter \
@@ -127,7 +127,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWX \
+guest_cross \
 iifname \
 virbr0 \
 oifname \
@@ -139,7 +139,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 iifname \
 virbr0 \
 counter \
@@ -149,7 +149,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 counter \
@@ -159,7 +159,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_FWX \
+guest_cross \
 iifname \
 virbr0 \
 oifname \
@@ -171,7 +171,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -184,7 +184,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -197,7 +197,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -210,7 +210,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -223,7 +223,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -236,7 +236,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -249,7 +249,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -262,7 +262,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 ip \
@@ -278,7 +278,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -293,7 +293,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 udp \
@@ -313,7 +313,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 tcp \
@@ -333,7 +333,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -347,7 +347,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -361,7 +361,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 ip6 \
 saddr \
 2001:db8:ca2:2::/64 \
@@ -374,7 +374,7 @@ nft \
 rule \
 ip6 \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 ip6 \
 daddr \
 2001:db8:ca2:2::/64 \

diff --git a/tests/networkxml2firewalldata/nat-tftp-linux.nftables b/tests/networkxml2firewalldata/nat-tftp-linux.nftables
index a25935b8312dc370ab8509205981e3f0bdce42cc..dd84468ad606a5f2da6ac278b82c1a9c58f85fa5 100644 (file)
--- a/tests/networkxml2firewalldata/nat-tftp-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-tftp-linux.nftables
@@ -3,7 +3,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -16,7 +16,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -29,7 +29,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -42,7 +42,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -55,7 +55,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -68,7 +68,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -81,7 +81,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -94,7 +94,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -107,7 +107,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -120,7 +120,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -133,7 +133,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 iifname \
 virbr0 \
 counter \
@@ -143,7 +143,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 counter \
@@ -153,7 +153,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWX \
+guest_cross \
 iifname \
 virbr0 \
 oifname \
@@ -165,7 +165,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -178,7 +178,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 ip \
@@ -194,7 +194,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -209,7 +209,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 udp \
@@ -229,7 +229,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 meta \
 l4proto \
 tcp \
@@ -249,7 +249,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -263,7 +263,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_PRT \
+guest_nat \
 ip \
 saddr \
 192.168.122.0/24 \

diff --git a/tests/networkxml2firewalldata/route-default-linux.nftables b/tests/networkxml2firewalldata/route-default-linux.nftables
index 2337d50bafbba3cc609c4ca5abe6a1946bec5a42..c1cc8f05b1ff4b51bc3c4568bd91e419fb0b2388 100644 (file)
--- a/tests/networkxml2firewalldata/route-default-linux.nftables
+++ b/tests/networkxml2firewalldata/route-default-linux.nftables
@@ -3,7 +3,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -16,7 +16,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -29,7 +29,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -42,7 +42,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -55,7 +55,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 tcp \
@@ -68,7 +68,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_INP \
+guest_to_host \
 iifname \
 virbr0 \
 udp \
@@ -81,7 +81,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 tcp \
@@ -94,7 +94,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_OUT \
+host_to_guest \
 oifname \
 virbr0 \
 udp \
@@ -107,7 +107,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 iifname \
 virbr0 \
 counter \
@@ -117,7 +117,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 oifname \
 virbr0 \
 counter \
@@ -127,7 +127,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWX \
+guest_cross \
 iifname \
 virbr0 \
 oifname \
@@ -139,7 +139,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWO \
+guest_output \
 ip \
 saddr \
 192.168.122.0/24 \
@@ -152,7 +152,7 @@ nft \
 rule \
 ip \
 libvirt_network \
-LIBVIRT_FWI \
+guest_input \
 ip \
 daddr \
 192.168.122.0/24 \