From 2d2e410818b39899bf8fe2f6139d21741a292736 Mon Sep 17 00:00:00 2001
From: Mark McLoughlin
Date: Thu, 10 Jan 2008 13:58:59 +0000
Subject: [PATCH] now that we only use built-in iptables chains, we don't need to add or delete them

---
 ChangeLog | 5 +++++
 src/iptables.c | 60 --------------------------------------------------
 2 files changed, 5 insertions(+), 60 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 3b7067471e..fe941de796 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Thu Jan 10 13:57:56 GMT 2008 Mark McLoughlin
+
+ * src/iptables.c: now that we only use built-in iptables
+ chains, we don't need to add or delete them
+
 Thu Jan 10 13:56:33 GMT 2008 Mark McLoughlin
 
 Like --with-iptables-prefix, --with-iptables-dir is no
diff --git a/src/iptables.c b/src/iptables.c
index c865cd49ed..14153e522c 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -395,53 +395,6 @@ iptRulesNew(const char *table,
 return NULL;
 }
 
-static int
-iptablesAddRemoveChain(iptRules *rules, int action)
-{
- char **argv;
- int retval = ENOMEM;
- int n, status;
-
- n = 1 + /* /sbin/iptables */
- 2 + /* --table foo */
- 2; /* --new-chain bar */
-
- if (!(argv = calloc(n + 1, sizeof(*argv))))
- goto error;
-
- n = 0;
-
- if (!(argv[n++] = strdup(IPTABLES_PATH)))
- goto error;
-
- if (!(argv[n++] = strdup("--table")))
- goto error;
-
- if (!(argv[n++] = strdup(rules->table)))
- goto error;
-
- if (!(argv[n++] = strdup(action == ADD ? "--new-chain" : "--delete-chain")))
- goto error;
-
- if (!(argv[n++] = strdup(rules->chain)))
- goto error;
-
- if (virRun(NULL, argv, &status) < 0)
- retval = errno;
-
- retval = 0;
-
- error:
- if (argv) {
- n = 0;
- while (argv[n])
- free(argv[n++]);
- free(argv);
- }
-
- return retval;
-}
-
 static char *
 argvToString(char **argv)
 {
@@ -530,19 +483,11 @@ iptablesAddRemoveRule(iptRules *rules, int action, const char *arg, ...)
 goto error;
 }
 
- if (action == ADD &&
- (retval = iptablesAddRemoveChain(rules, action)))
- goto error;
-
 if (virRun(NULL, argv, NULL) < 0) {
 retval = errno;
 goto error;
 }
 
- if (action == REMOVE &&
- (retval = iptablesAddRemoveChain(rules, action)))
- goto error;
-
 if (action == ADD) {
 retval = iptRulesAppend(rules, rule, argv, command_idx);
 rule = NULL;
@@ -634,11 +579,6 @@ iptRulesReload(iptRules *rules)
 rule->argv[rule->command_idx] = orig;
 }
 
- if ((retval = iptablesAddRemoveChain(rules, REMOVE)) ||
- (retval = iptablesAddRemoveChain(rules, ADD)))
- qemudLog(QEMUD_WARN, "Failed to re-create chain '%s' in table '%s': %s",
- rules->chain, rules->table, strerror(retval));
-
 for (i = 0; i < rules->nrules; i++)
 if (virRun(NULL, rules->rules[i].argv, NULL) < 0)
 qemudLog(QEMUD_WARN, "Failed to add iptables rule '%s' to chain '%s' in table '%s': %s",