mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-09-13 11:15:08 +00:00
Tweak masquering rules to only capture traffic leaving the virtual network
This commit is contained in:
parent
c5adab5270
commit
b7909d3276
@ -1,3 +1,9 @@
|
|||||||
|
Thu Mar 27 20:59:56 EDT 2008 Daniel P. Berrange <berrange@redhat.com>
|
||||||
|
|
||||||
|
* src/iptables.c: Ensure masquering rule only catches traffic
|
||||||
|
leaving the virtual network, and not traffic inside it
|
||||||
|
(patch from Charles Duffy)
|
||||||
|
|
||||||
Thu Mar 27 14:36:56 CET 2008 Jim Meyering <meyering@redhat.com>
|
Thu Mar 27 14:36:56 CET 2008 Jim Meyering <meyering@redhat.com>
|
||||||
|
|
||||||
lxcError: mark a string and add to the list of nearly-checked functions
|
lxcError: mark a string and add to the list of nearly-checked functions
|
||||||
|
@ -1032,6 +1032,7 @@ iptablesForwardMasquerade(iptablesContext *ctx,
|
|||||||
return iptablesAddRemoveRule(ctx->nat_postrouting,
|
return iptablesAddRemoveRule(ctx->nat_postrouting,
|
||||||
action,
|
action,
|
||||||
"--source", network,
|
"--source", network,
|
||||||
|
"--destination", "!", network,
|
||||||
"--out-interface", physdev,
|
"--out-interface", physdev,
|
||||||
"--jump", "MASQUERADE",
|
"--jump", "MASQUERADE",
|
||||||
NULL);
|
NULL);
|
||||||
@ -1039,6 +1040,7 @@ iptablesForwardMasquerade(iptablesContext *ctx,
|
|||||||
return iptablesAddRemoveRule(ctx->nat_postrouting,
|
return iptablesAddRemoveRule(ctx->nat_postrouting,
|
||||||
action,
|
action,
|
||||||
"--source", network,
|
"--source", network,
|
||||||
|
"--destination", "!", network,
|
||||||
"--jump", "MASQUERADE",
|
"--jump", "MASQUERADE",
|
||||||
NULL);
|
NULL);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user