]> xenbits.xensource.com Git - libvirt.git/commitdiff
projects / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 270a9fe)
bugfix: ip6tables rule removal
authorGene Czarcinski <gene@czarc.net>
Tue, 30 Oct 2012 21:18:34 +0000 (17:18 -0400)
committerEric Blake <eblake@redhat.com>
Tue, 30 Oct 2012 22:04:25 +0000 (16:04 -0600)
Three FORWARD chain rules are added and two INPUT chain rules
are added when a network is started but only the FORWARD chain
rules are removed when the network is destroyed.

src/network/bridge_driver.c patch | blob | blame | history

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index f814f6f2573f2543d85a0041ad64e35d2dfb7025..3dbf00987a873d60750c6ab2d34966ee928147b3 100644 (file)
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -1578,6 +1578,8 @@ networkRemoveGeneralIp6tablesRules(struct network_driver *driver,
     if (!virNetworkDefGetIpByIndex(network->def, AF_INET6, 0))
         return;
 
+    iptablesRemoveUdpInput(driver->iptables, AF_INET6, network->def->bridge, 53);
+    iptablesRemoveTcpInput(driver->iptables, AF_INET6, network->def->bridge, 53);
     iptablesRemoveForwardAllowCross(driver->iptables, AF_INET6, network->def->bridge);
     iptablesRemoveForwardRejectIn(driver->iptables, AF_INET6, network->def->bridge);
     iptablesRemoveForwardRejectOut(driver->iptables, AF_INET6, network->def->bridge);
Unnamed repository; edit this file 'description' to name the repository.