Tree - rpms/xen - src.fedoraproject.org

rpms / xen

Blame xen-net-disable-iptables-on-bridge.patch

Blob History Raw

		8d5f5c2	`We don't want the system's iptables filter/FORWARD`
		8d5f5c2	`rules to apply to traffic on our bridge.`
		8d5f5c2
		8d5f5c2	`diff -up xen-3.2.0/tools/examples/xen-network-common.sh.disable-iptables-on-bridge xen-3.2.0/tools/examples/xen-network-common.sh`
		8d5f5c2	`--- xen-3.2.0/tools/examples/xen-network-common.sh.disable-iptables-on-bridge 2008-01-16 18:34:59.000000000 +0000`
		8d5f5c2	`+++ xen-3.2.0/tools/examples/xen-network-common.sh 2008-02-18 22:54:18.000000000 +0000`
		8d5f5c2	`@@ -109,6 +109,13 @@ create_bridge () {`
		8d5f5c2	`brctl addbr ${bridge}`
		8d5f5c2	`brctl stp ${bridge} off`
		8d5f5c2	`brctl setfd ${bridge} 0`
		8d5f5c2	`+ # Setting these to zero stops guest<->LAN traffic`
		8d5f5c2	`+ # traversing the bridge from hitting the *tables`
		8d5f5c2	`+ # rulesets. guest<->host traffic still gets processed`
		8d5f5c2	`+ # by the host's iptables rules so this isn't a hole`
		8d5f5c2	`+ sysctl -q -w "net.bridge.bridge-nf-call-arptables=0"`
		8d5f5c2	`+ sysctl -q -w "net.bridge.bridge-nf-call-ip6tables=0"`
		8d5f5c2	`+ sysctl -q -w "net.bridge.bridge-nf-call-iptables=0"`
		8d5f5c2	`fi`
		8d5f5c2	`}`
		8d5f5c2
		8d5f5c2	`diff -up xen-3.2.0/tools/examples/vif-bridge.disable-iptables-on-bridge xen-3.2.0/tools/examples/vif-bridge`
		8d5f5c2	`--- xen-3.2.0/tools/examples/vif-bridge.disable-iptables-on-bridge 2008-01-16 18:34:59.000000000 +0000`
		8d5f5c2	`+++ xen-3.2.0/tools/examples/vif-bridge 2008-02-18 22:54:18.000000000 +0000`
		8d5f5c2	`@@ -91,8 +91,6 @@ case "$command" in`
		8d5f5c2	`;;`
		8d5f5c2	`esac`
		8d5f5c2
		8d5f5c2	`-handle_iptable`
		8d5f5c2	`-`
		8d5f5c2	`log debug "Successful vif-bridge $command for $vif, bridge $bridge."`
		8d5f5c2	`if [ "$command" == "online" ]`
		8d5f5c2	`then`

rpms / xen

Source Code

Blame xen-net-disable-iptables-on-bridge.patch