NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

nwfilter: Clear all state tracking from a drop rule

Browse Source 
Don't use state-matching in a drop rule.
This commit is contained in:
Stefan Berger 2010-04-16 07:34:36 -04:00
parent 3a7f2fc3b2
commit d2327278fb
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/nwfilter/nwfilter_ebiptables_driver.c
View File

@ -1380,13 +1380,16 @@ _iptablesCreateRuleInstance(int directionIn,
return 0; return 0;
} }
if (rule->action == VIR_NWFILTER_RULE_ACTION_ACCEPT)
target = accept_target;
else {
target = "DROP";
match = NULL;
}
if (match) if (match)
virBufferVSprintf(&buf, " %s", match); virBufferVSprintf(&buf, " %s", match);
if (rule->action == VIR_NWFILTER_RULE_ACTION_ACCEPT)
target = accept_target;
else
target = "DROP";
virBufferVSprintf(&buf, virBufferVSprintf(&buf,
" -j %s" CMD_DEF_POST CMD_SEPARATOR " -j %s" CMD_DEF_POST CMD_SEPARATOR