libvirt/tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args
Daniel P. Berrangé 02b8045517 nwfilter: drop support for legacy iptables match syntax
Long ago we adapted to iptables changes by introducing support
for '-m conntrack':

  commit 06844ccbaa
  Author: Stefan Berger <stefanb@us.ibm.com>
  Date:   Tue Aug 6 20:30:46 2013 -0400

    nwfilter: Use -m conntrack rather than -m state

    Since iptables version 1.4.16 '-m state --state NEW' is converted to
    '-m conntrack --ctstate NEW'. Therefore, when encountering this or later
    versions of iptables use '-m conntrack --ctstate'.

Given our supported platform targets, we no longer need to
consider a version of iptables before 1.4.16, so can drop
support for the old syntax.

The test suite updates are triggered because that never
probed for the new syntax, and so unconditionally
generated the old syntax.

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-03-09 11:37:12 +00:00

111 lines
1.6 KiB
Plaintext

ip6tables \
-w \
-A FJ-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
-j RETURN
ip6tables \
-w \
-A FP-vnet0 \
-p tcp \
--source a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
-j ACCEPT
ip6tables \
-w \
-A HJ-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination a:b:c::d:e:f/128 \
-m dscp \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
-j RETURN
ip6tables \
-w \
-A FJ-vnet0 \
-p tcp \
--destination a:b:c::/128 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-m conntrack \
--ctstate ESTABLISHED \
-j RETURN
ip6tables \
-w \
-A FP-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source a:b:c::/128 \
-m dscp \
--dscp 33 \
--sport 20:21 \
--dport 100:1111 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-w \
-A HJ-vnet0 \
-p tcp \
--destination a:b:c::/128 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-m conntrack \
--ctstate ESTABLISHED \
-j RETURN
ip6tables \
-w \
-A FJ-vnet0 \
-p tcp \
--destination ::ffff:10.1.2.3/128 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-m conntrack \
--ctstate ESTABLISHED \
-j RETURN
ip6tables \
-w \
-A FP-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source ::ffff:10.1.2.3/128 \
-m dscp \
--dscp 63 \
--sport 255:256 \
--dport 65535:65535 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
-j ACCEPT
ip6tables \
-w \
-A HJ-vnet0 \
-p tcp \
--destination ::ffff:10.1.2.3/128 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-m conntrack \
--ctstate ESTABLISHED \
-j RETURN
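
The commit message above drops the legacy `-m state --state` match in favour of `-m conntrack --ctstate`. As an added example (not part of libvirt or of this test file), the Python sketch below parses the backslash-continued `.args` layout used here, flags any command that still loads the legacy match, and shows its conntrack equivalent. The sample input and all function names are constructed for illustration.

```python
import shlex

# Constructed sample in the backslash-continued .args layout shown on this page;
# the second command uses the legacy match syntax that the commit removes.
SAMPLE = r"""ip6tables \
-w \
-A FJ-vnet0 \
-p tcp \
-m conntrack \
--ctstate NEW,ESTABLISHED \
-j RETURN
ip6tables \
-w \
-A FP-vnet0 \
-p tcp \
-m state \
--state ESTABLISHED \
-j ACCEPT
"""

def parse_args_file(text):
    """Join backslash-continued lines and split each command into an argv list."""
    joined = text.replace("\\\n", " ")
    return [shlex.split(line) for line in joined.splitlines() if line.strip()]

def uses_legacy_state(argv):
    """True if argv loads the 'state' match (-m state or --match state)."""
    return any(a in ("-m", "--match") and b == "state" for a, b in zip(argv, argv[1:]))

def to_conntrack(argv):
    """Rewrite '-m state --state X' as '-m conntrack --ctstate X'."""
    out = []
    for i, arg in enumerate(argv):
        if arg == "state" and i > 0 and argv[i - 1] in ("-m", "--match"):
            out.append("conntrack")
        elif arg == "--state":
            out.append("--ctstate")
        else:
            out.append(arg)
    return out

def legacy_commands(text):
    """Return (command index, rewritten argv) for each command using -m state."""
    cmds = parse_args_file(text)
    return [(i, to_conntrack(c)) for i, c in enumerate(cmds) if uses_legacy_state(c)]

if __name__ == "__main__":
    for index, fixed in legacy_commands(SAMPLE):
        print(f"command {index} uses legacy syntax; equivalent: {' '.join(fixed)}")
```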