now that we only use built-in iptables chains, we don't need to add or delete them
Mark McLoughlin 2008-01-10 13:58:59 +00:00
parent 9b29b2a2a5
commit 2d2e410818
2 changed files with 5 additions and 60 deletions


@ -1,3 +1,8 @@
Thu Jan 10 13:57:56 GMT 2008 Mark McLoughlin <markmc@redhat.com>
* src/iptables.c: now that we only use built-in iptables
chains, we don't need to add or delete them
Thu Jan 10 13:56:33 GMT 2008 Mark McLoughlin <markmc@redhat.com> Thu Jan 10 13:56:33 GMT 2008 Mark McLoughlin <markmc@redhat.com>
Like --with-iptables-prefix, --with-iptables-dir is no Like --with-iptables-prefix, --with-iptables-dir is no


@ -395,53 +395,6 @@ iptRulesNew(const char *table,
return NULL; return NULL;
} }
static int
iptablesAddRemoveChain(iptRules *rules, int action)
{
char **argv;
int retval = ENOMEM;
int n, status;
n = 1 + /* /sbin/iptables */
2 + /* --table foo */
2; /* --new-chain bar */
if (!(argv = calloc(n + 1, sizeof(*argv))))
goto error;
n = 0;
if (!(argv[n++] = strdup(IPTABLES_PATH)))
goto error;
if (!(argv[n++] = strdup("--table")))
goto error;
if (!(argv[n++] = strdup(rules->table)))
goto error;
if (!(argv[n++] = strdup(action == ADD ? "--new-chain" : "--delete-chain")))
goto error;
if (!(argv[n++] = strdup(rules->chain)))
goto error;
if (virRun(NULL, argv, &status) < 0)
retval = errno;
retval = 0;
error:
if (argv) {
n = 0;
while (argv[n])
free(argv[n++]);
free(argv);
}
return retval;
}
static char * static char *
argvToString(char **argv) argvToString(char **argv)
{ {
@ -530,19 +483,11 @@ iptablesAddRemoveRule(iptRules *rules, int action, const char *arg, ...)
goto error; goto error;
} }
if (action == ADD &&
(retval = iptablesAddRemoveChain(rules, action)))
goto error;
if (virRun(NULL, argv, NULL) < 0) { if (virRun(NULL, argv, NULL) < 0) {
retval = errno; retval = errno;
goto error; goto error;
} }
if (action == REMOVE &&
(retval = iptablesAddRemoveChain(rules, action)))
goto error;
if (action == ADD) { if (action == ADD) {
retval = iptRulesAppend(rules, rule, argv, command_idx); retval = iptRulesAppend(rules, rule, argv, command_idx);
rule = NULL; rule = NULL;
@ -634,11 +579,6 @@ iptRulesReload(iptRules *rules)
rule->argv[rule->command_idx] = orig; rule->argv[rule->command_idx] = orig;
} }
if ((retval = iptablesAddRemoveChain(rules, REMOVE)) ||
(retval = iptablesAddRemoveChain(rules, ADD)))
qemudLog(QEMUD_WARN, "Failed to re-create chain '%s' in table '%s': %s",
rules->chain, rules->table, strerror(retval));
for (i = 0; i < rules->nrules; i++) for (i = 0; i < rules->nrules; i++)
if (virRun(NULL, rules->rules[i].argv, NULL) < 0) if (virRun(NULL, rules->rules[i].argv, NULL) < 0)
qemudLog(QEMUD_WARN, "Failed to add iptables rule '%s' to chain '%s' in table '%s': %s", qemudLog(QEMUD_WARN, "Failed to add iptables rule '%s' to chain '%s' in table '%s': %s",
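Review bot: With the chain step gone, the single `virRun(NULL, argv, NULL)` in iptablesAddRemoveRule and the matching call in the iptRulesReload loop are the only evidence that a rule actually reached the built-in chain, and both pass NULL for the status argument. Whether a non-zero iptables exit is then reported as `< 0` depends on virRun, which is not shown here; if it is not, `iptRulesAppend` would record a rule the kernel never accepted and the reload loop would log nothing. It is worth confirming that behaviour and stating it at the call, e.g. `/* status == NULL: relies on virRun failing on a non-zero exit */`. Separately, the `retval` local that the removed lines in iptRulesReload assigned is declared outside the hunk and should be dropped if nothing else in that function uses it. Both functions start before and continue past the visible hunks.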