mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-08 07:15:46 +00:00
network: add more debugging of firewall chain creation
Reviewed-by: Jim Fehlig <jfehlig@suse.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
parent
4330d13852
commit
3b66bd9aa1
@ -45,28 +45,42 @@ static void networkSetupPrivateChains(void)
|
|||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
|
VIR_DEBUG("Setting up global firewall chains");
|
||||||
|
|
||||||
createdChains = false;
|
createdChains = false;
|
||||||
|
|
||||||
rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV4);
|
rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV4);
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
|
VIR_DEBUG("Failed to create global IPv4 chains: %s",
|
||||||
|
virGetLastErrorMessage());
|
||||||
errInitV4 = virSaveLastError();
|
errInitV4 = virSaveLastError();
|
||||||
virResetLastError();
|
virResetLastError();
|
||||||
} else {
|
} else {
|
||||||
virFreeError(errInitV4);
|
virFreeError(errInitV4);
|
||||||
errInitV4 = NULL;
|
errInitV4 = NULL;
|
||||||
if (rc)
|
if (rc) {
|
||||||
|
VIR_DEBUG("Created global IPv4 chains");
|
||||||
createdChains = true;
|
createdChains = true;
|
||||||
|
} else {
|
||||||
|
VIR_DEBUG("Global IPv4 chains already exist");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV6);
|
rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV6);
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
|
VIR_DEBUG("Failed to create global IPv6 chains: %s",
|
||||||
|
virGetLastErrorMessage());
|
||||||
errInitV6 = virSaveLastError();
|
errInitV6 = virSaveLastError();
|
||||||
virResetLastError();
|
virResetLastError();
|
||||||
} else {
|
} else {
|
||||||
virFreeError(errInitV6);
|
virFreeError(errInitV6);
|
||||||
errInitV6 = NULL;
|
errInitV6 = NULL;
|
||||||
if (rc)
|
if (rc) {
|
||||||
|
VIR_DEBUG("Created global IPv6 chains");
|
||||||
createdChains = true;
|
createdChains = true;
|
||||||
|
} else {
|
||||||
|
VIR_DEBUG("Global IPv6 chains already exist");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -95,8 +109,10 @@ void networkPreReloadFirewallRules(bool startup)
|
|||||||
* rules will be present. Thus we can safely just tell it
|
* rules will be present. Thus we can safely just tell it
|
||||||
* to always delete from the builin chain
|
* to always delete from the builin chain
|
||||||
*/
|
*/
|
||||||
if (startup && createdChains)
|
if (startup && createdChains) {
|
||||||
|
VIR_DEBUG("Requesting cleanup of legacy firewall rules");
|
||||||
iptablesSetDeletePrivate(false);
|
iptablesSetDeletePrivate(false);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user