Daniel Veillard <[email protected]> wrote on 04/07/2010 03:55:19 AM:
> On Tue, Apr 06, 2010 at 03:55:26PM -0400, Stefan Berger wrote: > > The attached patch fixes a problem due to the mac match in iptables only > > supporting --mac-source and no --mac-destination, thus it not being > > symmetric. Therefore a rule like this one > > > > <rule action='drop' direction='out'> > > <all match='no' srcmacaddr='$MAC'/> > > </rule> > > > > should only have the MAC match on traffic leaving the VM and not test > > for the same source MAC address on traffic that the VM receives. > > > > Signed-off-by: Stefan Berger <[email protected]> > > > > Okay, I had to check _iptablesCreateRuleInstance() source to find out > it's a giant switch, then patch makes sense, looks low risk and well > contained, > > ACK, > Thanks. Pushed. Stefan > Daniel > > -- > Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ > [email protected] | Rpmfind RPM search engine http://rpmfind.net/ > http://veillard.com/ | virtualization library http://libvirt.org/
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
