From: Guido Günther <agx@sigxcpu.org>
Date: Thu, 5 Nov 2009 19:28:11 +0000 (+0100)
Subject: only remove masquerade roles for VIR_NETWORK_FORWARD_NAT
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=91f9157e5b807ba641bc52593911f037445ec613;p=libvirt.git

only remove masquerade roles for VIR_NETWORK_FORWARD_NAT

Fixes http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549949
---

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 905c498c76..0342aa082a 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -783,16 +783,15 @@ static void
 networkRemoveIptablesRules(struct network_driver *driver,
                          virNetworkObjPtr network) {
     if (network->def->forwardType != VIR_NETWORK_FORWARD_NONE) {
-        iptablesRemoveForwardMasquerade(driver->iptables,
-                                        network->def->network,
-                                        network->def->forwardDev);
-
-        if (network->def->forwardType == VIR_NETWORK_FORWARD_NAT)
+        if (network->def->forwardType == VIR_NETWORK_FORWARD_NAT) {
+            iptablesRemoveForwardMasquerade(driver->iptables,
+                                                network->def->network,
+                                                network->def->forwardDev);
             iptablesRemoveForwardAllowRelatedIn(driver->iptables,
                                                 network->def->network,
                                                 network->def->bridge,
                                                 network->def->forwardDev);
-        else if (network->def->forwardType == VIR_NETWORK_FORWARD_ROUTE)
+        } else if (network->def->forwardType == VIR_NETWORK_FORWARD_ROUTE)
             iptablesRemoveForwardAllowIn(driver->iptables,
                                          network->def->network,
                                          network->def->bridge,