diff --git a/ChangeLog b/ChangeLog
index b0cda86679..24521bc78f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+Thu Jan 10 13:54:10 GMT 2008 Mark McLoughlin
+
+ --with-iptables-prefix was added to integrate with
+ a proposed system for letting iptables know how to
+ reload our rules. The proposed system wasn't accepted
+ so, although there might be some other theoretical
+ use for this, let's just remove it.
+
+ * configure.in, src/iptables.c: remove --with-iptables-prefix
+
 Thu Jan 10 13:52:05 GMT 2008 Mark McLoughlin
 
 Add support for integrating our iptables support with
diff --git a/configure.in b/configure.in
index fe36718fb0..cd1a4119fb 100644
--- a/configure.in
+++ b/configure.in
@@ -182,16 +182,6 @@ fi
 AM_CONDITIONAL(LIBVIRT_INIT_SCRIPTS_RED_HAT, test x$with_init_scripts = xredhat)
 AC_MSG_RESULT($with_init_scripts)
 
-dnl
-dnl allow the creation of iptables rules in chains with a
-dnl specific prefix rather than in the standard toplevel chains
-dnl
-AC_ARG_WITH(iptables-prefix,
- AC_HELP_STRING([--with-iptables-prefix=prefix],
- [prefix used for iptables chains, default is to use standard toplevel chains]),
- [IPTABLES_PREFIX=$withval])
-AC_DEFINE_UNQUOTED(IPTABLES_PREFIX, "$IPTABLES_PREFIX", [prefix used for iptables chains])
-
 dnl
 dnl also support saving the various chains to files
 dnl in e.g. /etc/sysconfig/iptables.d
diff --git a/src/iptables.c b/src/iptables.c
index 21363ba1a6..12013af1ce 100644
--- a/src/iptables.c
+++ b/src/iptables.c
@@ -592,13 +592,13 @@ iptablesContextNew(void)
 if (!(ctx = calloc(1, sizeof (*ctx))))
 return NULL;
 
- if (!(ctx->input_filter = iptRulesNew("filter", IPTABLES_PREFIX "INPUT")))
+ if (!(ctx->input_filter = iptRulesNew("filter", "INPUT")))
 goto error;
 
- if (!(ctx->forward_filter = iptRulesNew("filter", IPTABLES_PREFIX "FORWARD")))
+ if (!(ctx->forward_filter = iptRulesNew("filter", "FORWARD")))
 goto error;
 
- if (!(ctx->nat_postrouting = iptRulesNew("nat", IPTABLES_PREFIX "POSTROUTING")))
+ if (!(ctx->nat_postrouting = iptRulesNew("nat", "POSTROUTING")))
 goto error;
 
 return ctx;
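Review bot: With the prefix gone, the three iptRulesNew() calls always name the built-in `INPUT`, `FORWARD` and `POSTROUTING` chains, and nothing visible here handles a host whose earlier build was configured with `--with-iptables-prefix`; rules already placed in the prefixed chains would presumably stay loaded, no longer referenced by this code, until someone removes them by hand. The configure.in hunk drops the option as well, and configure scripts from older autoconf releases may accept an unknown `--with-*` argument without an error, so a packager still passing it could end up with top-level chains without being told; the ChangeLog entry or release notes should state the migration step. I would also add a comment above the first call, `/* Rules go into the built-in chains, which are shared with the host's own firewall rules. */`, so the consequence for rule ordering and cleanup is visible at the call site. iptablesContextNew() begins before this hunk and its `error` label lies after it, so the cleanup path was not reviewed.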