mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 21:55:25 +00:00
add iptablesSaveRules(), and don't save the rules to disk
and run lokkit each time a new rule is added.
This commit is contained in:
parent
2d2e410818
commit
73ab4e0845
@ -1,3 +1,11 @@
|
||||
Thu Jan 10 13:59:15 GMT 2008 Mark McLoughlin <markmc@redhat.com>
|
||||
|
||||
* src/iptables.[ch]: add iptablesSaveRules(), and don't
|
||||
save the rules to disk and run lokkit each time a new
|
||||
rule is added
|
||||
|
||||
* src/qemu_driver.c: use iptablesSaveRules()
|
||||
|
||||
Thu Jan 10 13:57:56 GMT 2008 Mark McLoughlin <markmc@redhat.com>
|
||||
|
||||
* src/iptables.c: now that we only use built-in iptables
|
||||
|
@ -232,6 +232,25 @@ writeRules(const char *path,
|
||||
}
|
||||
#endif /* ENABLE_IPTABLES_LOKKIT */
|
||||
|
||||
static void
|
||||
iptRulesSave(iptRules *rules)
|
||||
{
|
||||
#ifdef ENABLE_IPTABLES_LOKKIT
|
||||
int err;
|
||||
|
||||
if ((err = writeRules(rules->path, rules->rules, rules->nrules))) {
|
||||
qemudLog(QEMUD_WARN, "Failed to saves iptables rules to %s : %s",
|
||||
rules->path, strerror(err));
|
||||
return;
|
||||
}
|
||||
|
||||
if (rules->nrules > 0)
|
||||
notifyRulesUpdated(rules->table, rules->path);
|
||||
else
|
||||
notifyRulesRemoved(rules->table, rules->path);
|
||||
#endif /* ENABLE_IPTABLES_LOKKIT */
|
||||
}
|
||||
|
||||
static void
|
||||
iptRuleFree(iptRule *rule)
|
||||
{
|
||||
@ -272,20 +291,6 @@ iptRulesAppend(iptRules *rules,
|
||||
|
||||
rules->nrules++;
|
||||
|
||||
#ifdef ENABLE_IPTABLES_LOKKIT
|
||||
{
|
||||
int err;
|
||||
|
||||
if ((err = virFileMakePath(rules->dir)))
|
||||
return err;
|
||||
|
||||
if ((err = writeRules(rules->path, rules->rules, rules->nrules)))
|
||||
return err;
|
||||
}
|
||||
|
||||
notifyRulesUpdated(rules->table, rules->path);
|
||||
#endif /* ENABLE_IPTABLES_LOKKIT */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -310,20 +315,6 @@ iptRulesRemove(iptRules *rules,
|
||||
|
||||
rules->nrules--;
|
||||
|
||||
#ifdef ENABLE_IPTABLES_LOKKIT
|
||||
{
|
||||
int err;
|
||||
|
||||
if ((err = writeRules(rules->path, rules->rules, rules->nrules)))
|
||||
return err;
|
||||
}
|
||||
|
||||
if (rules->nrules > 0)
|
||||
notifyRulesUpdated(rules->table, rules->path);
|
||||
else
|
||||
notifyRulesRemoved(rules->table, rules->path);
|
||||
#endif /* ENABLE_IPTABLES_LOKKIT */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -559,6 +550,22 @@ iptablesContextFree(iptablesContext *ctx)
|
||||
free(ctx);
|
||||
}
|
||||
|
||||
/**
|
||||
* iptablesSaveRules:
|
||||
* @ctx: pointer to the IP table context
|
||||
*
|
||||
* Saves all the IP table rules associated with a context
|
||||
* to disk so that if iptables is restarted, the rules
|
||||
* will automatically be reload.
|
||||
*/
|
||||
void
|
||||
iptablesSaveRules(iptablesContext *ctx)
|
||||
{
|
||||
iptRulesSave(ctx->input_filter);
|
||||
iptRulesSave(ctx->forward_filter);
|
||||
iptRulesSave(ctx->nat_postrouting);
|
||||
}
|
||||
|
||||
static void
|
||||
iptRulesReload(iptRules *rules)
|
||||
{
|
||||
|
@ -29,6 +29,7 @@ typedef struct _iptablesContext iptablesContext;
|
||||
iptablesContext *iptablesContextNew (void);
|
||||
void iptablesContextFree (iptablesContext *ctx);
|
||||
|
||||
void iptablesSaveRules (iptablesContext *ctx);
|
||||
void iptablesReloadRules (iptablesContext *ctx);
|
||||
|
||||
int iptablesAddTcpInput (iptablesContext *ctx,
|
||||
|
@ -1009,8 +1009,10 @@ qemudAddIptablesRules(virConnectPtr conn,
|
||||
|
||||
|
||||
/* The remaining rules are only needed for IP forwarding */
|
||||
if (!network->def->forward)
|
||||
if (!network->def->forward) {
|
||||
iptablesSaveRules(driver->iptables);
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* allow forwarding packets from the bridge interface */
|
||||
if ((err = iptablesAddForwardAllowOut(driver->iptables,
|
||||
@ -1044,6 +1046,8 @@ qemudAddIptablesRules(virConnectPtr conn,
|
||||
goto err10;
|
||||
}
|
||||
|
||||
iptablesSaveRules(driver->iptables);
|
||||
|
||||
return 1;
|
||||
|
||||
err10:
|
||||
@ -1100,6 +1104,7 @@ qemudRemoveIptablesRules(struct qemud_driver *driver,
|
||||
iptablesRemoveTcpInput(driver->iptables, network->bridge, 53);
|
||||
iptablesRemoveUdpInput(driver->iptables, network->bridge, 67);
|
||||
iptablesRemoveTcpInput(driver->iptables, network->bridge, 67);
|
||||
iptablesSaveRules(driver->iptables);
|
||||
}
|
||||
|
||||
static int
|
||||
|
Loading…
Reference in New Issue
Block a user