news: Document kernel requirements for virtual networks

After 7431b3eb9a05068e4b libvirt requires "filter", "nat" and "mangle" tables to exist for both IPv4 and IPv6. This fact was missed in the news.xml and since we don't have any better place to advertise that let's update old news. This was refined in 686803a1a2e and since that is not released yet create a new entry documenting the refinement. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2025-02-22 03:12:22 +00:00 · 2019-03-11 13:09:52 +01:00 · 2019-03-11 13:09:52 +01:00 · 96509caf0f
commit 96509caf0f
parent 280a2b41e6
1 changed files with 15 additions and 1 deletions
--- a/docs/news.xml
+++ b/docs/news.xml
@ -124,6 +124,18 @@
          Report class information for PCI node device capability.
        </summary>
      </change>
+      <change>
+        <summary>
+          Split setup of IPv4 and IPv6 top level chain
+        </summary>
+        <description>
+          The requirement resulting from private chains improvement done
+          in <code>v5.1.0</code> was refined so that only tables from
+          corresponding IP version are required. This means that if a
+          network doesn't have <code>IPv6</code> enabled then those
+          tables are not required.
+        </description>
+      </change>
    </section>
    <section title="Bug fixes">
    </section>
@ -202,7 +214,9 @@
          Historically firewall rules for virtual networks were added
          straight into the base chains. This works but has a number of
          bugs and design limitations. To address them, libvirt now puts
-          firewall rules into its own chains.
+          firewall rules into its own chains. Note that with this change the
+          <code>filter</code>, <code>nat</code> and <code>mangle</code> tables
+          are required for both <code>IPv4</code> and <code>IPv6</code>.
        </description>
      </change>
      <change>