network: rename chains used by network driver nftables backend

Because the chains added by the network driver nftables backend will
go into a table used only by libvirt, we don't need to have "libvirt"
in the chain names. Instead, we can make them more descriptive and
less abrasive (by using lower case, and using full words rather than
abbreviations).

Also (again because nobody else is using the private "libvirt_network"
table) we can directly put our rules into the input ("guest_to_host"),
output ("host_to_guest"), and postrouting ("guest_nat") chains rather
than creating a subordinate chain as done in the iptables backend.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Laine Stump 2024-04-29 14:21:14 -04:00
parent 0bd7a47356
commit 958aa7f274
8 changed files with 188 additions and 190 deletions


@ -40,12 +40,13 @@ VIR_LOG_INIT("network.nftables");
#define VIR_FROM_THIS VIR_FROM_NONE
#define VIR_NFTABLES_INPUT_CHAIN "LIBVIRT_INP"
#define VIR_NFTABLES_OUTPUT_CHAIN "LIBVIRT_OUT"
#define VIR_NFTABLES_FWD_IN_CHAIN "LIBVIRT_FWI"
#define VIR_NFTABLES_FWD_OUT_CHAIN "LIBVIRT_FWO"
#define VIR_NFTABLES_FWD_X_CHAIN "LIBVIRT_FWX"
#define VIR_NFTABLES_NAT_POSTROUTE_CHAIN "LIBVIRT_PRT"
#define VIR_NFTABLES_INPUT_CHAIN "guest_to_host"
#define VIR_NFTABLES_OUTPUT_CHAIN "host_to_guest"
#define VIR_NFTABLES_FORWARD_CHAIN "forward"
#define VIR_NFTABLES_FWD_IN_CHAIN "guest_input"
#define VIR_NFTABLES_FWD_OUT_CHAIN "guest_output"
#define VIR_NFTABLES_FWD_X_CHAIN "guest_cross"
#define VIR_NFTABLES_NAT_POSTROUTE_CHAIN "guest_nat"
/* we must avoid using the standard "filter" table as used by
* iptables, as any subsequent attempts to use iptables commands will
@ -87,18 +88,15 @@ typedef struct {
nftablesGlobalChain nftablesChains[] = {
/* chains for filter rules */
{NULL, "INPUT", "{ type filter hook input priority 0; policy accept; }"},
{NULL, "FORWARD", "{ type filter hook forward priority 0; policy accept; }"},
{NULL, "OUTPUT", "{ type filter hook output priority 0; policy accept; }"},
{"INPUT", VIR_NFTABLES_INPUT_CHAIN, NULL},
{"OUTPUT", VIR_NFTABLES_OUTPUT_CHAIN, NULL},
{"FORWARD", VIR_NFTABLES_FWD_OUT_CHAIN, NULL},
{"FORWARD", VIR_NFTABLES_FWD_IN_CHAIN, NULL},
{"FORWARD", VIR_NFTABLES_FWD_X_CHAIN, NULL},
{NULL, VIR_NFTABLES_INPUT_CHAIN, "{ type filter hook input priority 0; policy accept; }"},
{NULL, VIR_NFTABLES_FORWARD_CHAIN, "{ type filter hook forward priority 0; policy accept; }"},
{NULL, VIR_NFTABLES_OUTPUT_CHAIN, "{ type filter hook output priority 0; policy accept; }"},
{VIR_NFTABLES_FORWARD_CHAIN, VIR_NFTABLES_FWD_OUT_CHAIN, NULL},
{VIR_NFTABLES_FORWARD_CHAIN, VIR_NFTABLES_FWD_IN_CHAIN, NULL},
{VIR_NFTABLES_FORWARD_CHAIN, VIR_NFTABLES_FWD_X_CHAIN, NULL},
/* chains for NAT rules */
{NULL, "POSTROUTING", "{ type nat hook postrouting priority 100; policy accept; }"},
{"POSTROUTING", VIR_NFTABLES_NAT_POSTROUTE_CHAIN, NULL},
{NULL, VIR_NFTABLES_NAT_POSTROUTE_CHAIN, "{ type nat hook postrouting priority 100; policy accept; }"},
};
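Review bot: The new nftablesChains[] table (second hunk) mixes two kinds of entries without saying so in the code: `guest_to_host`, `host_to_guest` and `guest_nat` are now base chains (NULL parent, hook spec in the third field) that receive per-network rules directly, while `guest_input`, `guest_output` and `guest_cross` stay regular chains hung off the new `forward` base chain. The commit message explains why the forward hook keeps subordinate chains but the other hooks do not; that reasoning should live next to the table so a later reader does not try to "simplify" the forward side or, conversely, re-add an input/output split. A two-line comment above the array such as `/* NULL parent = base chain (3rd field is its hook spec); only the forward hook keeps per-direction child chains, other hooks take rules directly. */` would capture it. The `nftablesGlobalChain` typedef the entries are built against sits above the hunk, so if it already documents the parent/hook-spec semantics this can be shortened to a cross-reference; the three identical `policy accept` filter hook specs are also good candidates for a single shared macro.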


@ -3,7 +3,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -16,7 +16,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -29,7 +29,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -42,7 +42,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -55,7 +55,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -68,7 +68,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -81,7 +81,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -94,7 +94,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -107,7 +107,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
iifname \
virbr0 \
counter \
@ -117,7 +117,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
counter \
@ -127,7 +127,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWX \
guest_cross \
iifname \
virbr0 \
oifname \
@ -139,7 +139,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
ip \
saddr \
192.168.122.0/24 \
@ -152,7 +152,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
ip \
@ -168,7 +168,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -183,7 +183,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
udp \
@ -203,7 +203,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
tcp \
@ -223,7 +223,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -237,7 +237,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \


@ -3,7 +3,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -16,7 +16,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -29,7 +29,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -42,7 +42,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -55,7 +55,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -68,7 +68,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -81,7 +81,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -94,7 +94,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -107,7 +107,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
iifname \
virbr0 \
counter \
@ -117,7 +117,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
counter \
@ -127,7 +127,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWX \
guest_cross \
iifname \
virbr0 \
oifname \
@ -139,7 +139,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_FWO \
guest_output \
iifname \
virbr0 \
counter \
@ -149,7 +149,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
counter \
@ -159,7 +159,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_FWX \
guest_cross \
iifname \
virbr0 \
oifname \
@ -171,7 +171,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -184,7 +184,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -197,7 +197,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -210,7 +210,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -223,7 +223,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -236,7 +236,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -249,7 +249,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
ip \
saddr \
192.168.122.0/24 \
@ -262,7 +262,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
ip \
@ -278,7 +278,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -293,7 +293,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
udp \
@ -313,7 +313,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
tcp \
@ -333,7 +333,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -347,7 +347,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -361,7 +361,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_FWO \
guest_output \
ip6 \
saddr \
2001:db8:ca2:2::/64 \
@ -374,7 +374,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_FWI \
guest_input \
ip6 \
daddr \
2001:db8:ca2:2::/64 \


@ -3,7 +3,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -16,7 +16,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -29,7 +29,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -42,7 +42,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -55,7 +55,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -68,7 +68,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -81,7 +81,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -94,7 +94,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -107,7 +107,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
iifname \
virbr0 \
counter \
@ -117,7 +117,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
counter \
@ -127,7 +127,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWX \
guest_cross \
iifname \
virbr0 \
oifname \
@ -139,7 +139,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_FWO \
guest_output \
iifname \
virbr0 \
counter \
@ -149,7 +149,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
counter \
@ -159,7 +159,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_FWX \
guest_cross \
iifname \
virbr0 \
oifname \
@ -171,7 +171,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -184,7 +184,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -197,7 +197,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -210,7 +210,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -223,7 +223,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -236,7 +236,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -249,7 +249,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
ip \
saddr \
192.168.122.0/24 \
@ -262,7 +262,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
ip \
@ -278,7 +278,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -293,7 +293,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
udp \
@ -313,7 +313,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
tcp \
@ -333,7 +333,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -347,7 +347,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -361,7 +361,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_FWO \
guest_output \
ip6 \
saddr \
2001:db8:ca2:2::/64 \
@ -374,7 +374,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
ip6 \
@ -390,7 +390,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip6 \
saddr \
2001:db8:ca2:2::/64 \
@ -405,7 +405,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
udp \
@ -425,7 +425,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
tcp \
@ -445,7 +445,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip6 \
saddr \
2001:db8:ca2:2::/64 \


@ -3,7 +3,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -16,7 +16,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -29,7 +29,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -42,7 +42,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -55,7 +55,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -68,7 +68,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -81,7 +81,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -94,7 +94,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -107,7 +107,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
iifname \
virbr0 \
counter \
@ -117,7 +117,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
counter \
@ -127,7 +127,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWX \
guest_cross \
iifname \
virbr0 \
oifname \
@ -139,7 +139,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
ip \
saddr \
192.168.122.0/24 \
@ -152,7 +152,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
ip \
@ -168,7 +168,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -183,7 +183,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
udp \
@ -203,7 +203,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
tcp \
@ -223,7 +223,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -237,7 +237,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -251,7 +251,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
ip \
saddr \
192.168.128.0/24 \
@ -264,7 +264,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
ip \
@ -280,7 +280,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.128.0/24 \
@ -295,7 +295,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
udp \
@ -315,7 +315,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
tcp \
@ -335,7 +335,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.128.0/24 \
@ -349,7 +349,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.128.0/24 \
@ -363,7 +363,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
ip \
saddr \
192.168.150.0/24 \
@ -376,7 +376,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
ip \
@ -392,7 +392,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.150.0/24 \
@ -407,7 +407,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
udp \
@ -427,7 +427,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
tcp \
@ -447,7 +447,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.150.0/24 \
@ -461,7 +461,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.150.0/24 \


@ -3,7 +3,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -16,7 +16,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -29,7 +29,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -42,7 +42,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -55,7 +55,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -68,7 +68,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -81,7 +81,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -94,7 +94,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -107,7 +107,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
iifname \
virbr0 \
counter \
@ -117,7 +117,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
counter \
@ -127,7 +127,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWX \
guest_cross \
iifname \
virbr0 \
oifname \
@ -139,7 +139,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_FWO \
guest_output \
iifname \
virbr0 \
counter \
@ -149,7 +149,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
counter \
@ -159,7 +159,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_FWX \
guest_cross \
iifname \
virbr0 \
oifname \
@ -171,7 +171,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -184,7 +184,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -197,7 +197,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -210,7 +210,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -223,7 +223,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -236,7 +236,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -249,7 +249,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
ip \
saddr \
192.168.122.0/24 \
@ -262,7 +262,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
ip \
@ -278,7 +278,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -293,7 +293,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
udp \
@ -313,7 +313,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
tcp \
@ -333,7 +333,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -347,7 +347,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -361,7 +361,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_FWO \
guest_output \
ip6 \
saddr \
2001:db8:ca2:2::/64 \
@ -374,7 +374,7 @@ nft \
rule \
ip6 \
libvirt_network \
LIBVIRT_FWI \
guest_input \
ip6 \
daddr \
2001:db8:ca2:2::/64 \


@ -3,7 +3,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -16,7 +16,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -29,7 +29,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -42,7 +42,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -55,7 +55,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -68,7 +68,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -81,7 +81,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -94,7 +94,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -107,7 +107,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -120,7 +120,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -133,7 +133,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
iifname \
virbr0 \
counter \
@ -143,7 +143,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
counter \
@ -153,7 +153,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWX \
guest_cross \
iifname \
virbr0 \
oifname \
@ -165,7 +165,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
ip \
saddr \
192.168.122.0/24 \
@ -178,7 +178,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
ip \
@ -194,7 +194,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -209,7 +209,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
udp \
@ -229,7 +229,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
meta \
l4proto \
tcp \
@ -249,7 +249,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
@ -263,7 +263,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
guest_nat \
ip \
saddr \
192.168.122.0/24 \


@ -3,7 +3,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -16,7 +16,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -29,7 +29,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -42,7 +42,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -55,7 +55,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
tcp \
@ -68,7 +68,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
guest_to_host \
iifname \
virbr0 \
udp \
@ -81,7 +81,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
tcp \
@ -94,7 +94,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
host_to_guest \
oifname \
virbr0 \
udp \
@ -107,7 +107,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
iifname \
virbr0 \
counter \
@ -117,7 +117,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
oifname \
virbr0 \
counter \
@ -127,7 +127,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWX \
guest_cross \
iifname \
virbr0 \
oifname \
@ -139,7 +139,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
guest_output \
ip \
saddr \
192.168.122.0/24 \
@ -152,7 +152,7 @@ nft \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
guest_input \
ip \
daddr \
192.168.122.0/24 \