Thanks for the feedback. I've applied the iptables -L with a callback
handler. The callback handler then decides whether or not to create the
base chains.

I changed the commit message from
"nwfilter: Avoid firewall hole during VM startup by checking rule presence" to
"nwfilter: Check before removing and reinserting iptable base chains".

I also edited nwfilterxml2firewalltest so that it pretends there are currently
no chains, and I changed the expected order of the commonRules.

Dion Bosschieter (1):
  nwfilter: Check before removing and reinserting iptable base chains

 src/nwfilter/nwfilter_ebiptables_driver.c | 203 +++++++++++++---------
 tests/nwfilterxml2firewalltest.c          |  58 +++++--
 2 files changed, 163 insertions(+), 98 deletions(-)

-- 
2.43.0
