Eric Blake <[email protected]> wrote on 04/06/2010 10:30:16 AM:
>
> On 04/05/2010 07:27 PM, Stefan Berger wrote:
> > The following rule in direction 'inout'
> >
> > <rule direction='inout' action='drop'>
> > <mac srcmacaddr='1:2:3:4:5:6'/>
> > </rule>
> >
> > now drops all traffic from and to the given MAC address.
> > So far it would have dropped traffic from the given MAC address
> > and outgoing traffic with the given MAC address, which is not useful
> > since the packets will always have the VM's MAC address as source
> > MAC address.
>
> Agreed that a bi-directional filter is morally equivalent to filtering
> src on input and dst on output.
>
> > @@ -1783,7 +1802,8 @@ ebtablesCreateRuleInstance(char chainPre > > goto err_exit; > > > > virBufferVSprintf(&buf, > > - " --ip6-source-port %s %s", > > + " %s %s %s", > > + (!reverse) ? "--ip6-source-port" : "-- > ip6-destination-port",
>
> Avoid negative logic; this would be better as:
>
> reverse ? "--ip6-destination-port" : "--ip6-source-port"
>

Yes, fixed this everywhere in the meantime...

> > @@ -1912,7 +1934,8 @@ ebiptablesCreateRuleInstance(virConnectP > > rule, > > ifname, > > vars, > > - res); > > + res, > > + 0);
>
> s/0/false/, to match the prototype being bool.
>
> ACK, with those tweaks.

Will do and push. Thanks.

Stefan

>
> --
> Eric Blake [email protected] +1-801-349-2682
> Libvirt virtualization library http://libvirt.org
>
> [attachment "signature.asc" deleted by Stefan Berger/Watson/IBM]
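Review bot: In the virBufferVSprintf call of the ebtablesCreateRuleInstance hunk (@@ -1783), the match option is chosen by an inline ternary on reverse, and the reply says the same pattern was applied everywhere, so each source/destination option pair is spelled out separately at every call site. A wrong pairing in any one of them would still yield a syntactically valid ebtables rule that matches the wrong direction, which is easy to miss in review. Consider a small helper or lookup table that maps each source option to its destination counterpart, plus a comment on reverse stating that true means the source and destination matches are swapped. It is also worth checking in the applied patch that the literal reads "--ip6-destination-port" unbroken, since it is split across a wrapped line in this quote.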
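Review bot: In the ebiptablesCreateRuleInstance hunk (@@ -1912), the new last argument is a constant at this call site, so this call only ever produces the non-reversed rule, and the hunk does not show where the reversed instance for direction 'inout' is created. Please confirm that an 'inout' rule results in a second call with the flag set to true, otherwise the drop rule from the commit message would filter only one direction without any error. An inline comment naming the argument, such as /* reverse */, would make the call readable, and a test that builds the 'inout' MAC rule from the description and checks that both the source and the destination match are emitted would guard against a regression.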
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
