NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-20 11:48:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
Read-only mirror. Please submit merge requests / issues to https://gitlab.com/libvirt/libvirt
5,385 Commits 67 Branches 632 Tags 1.1 GiB
C 94.8%
Python 2%
Meson 0.9%
Shell 0.8%
Dockerfile 0.6%
Other 0.8%
2b3df906f3
Go to file
Stefan Berger 2b3df906f3 nwfilter: cut off connections after changing filters 
The following filter transition from a filter allowing incoming TCP connections

  <rule action='accept' direction='in' priority='401'>
    <tcp/>
  </rule>
  <rule action='accept' direction='out' priority='500'>
    <tcp/>
  </rule>

to one that does not allow them

  <rule action='drop' direction='in' priority='401'>
    <tcp/>
  </rule>
  <rule action='accept' direction='out' priority='500'>
    <tcp/>
  </rule>

did previously not cut off existing (ssh) connections but only prevented newly initiated ones. The attached patch allows to cut off existing connections as well, thus enforcing what the filter is showing.

I had only tested with a configuration where the physical interface is connected to the bridge where the filters are applied. This patch now also solves a filtering problem where the physical interface is not connected to the bridge, but the bridge is given an IP address and the host routes between bridge and physical interface. Here the filters drop non-allowed traffic on the outgoing side on the host.
2010-10-14 08:54:03 -04:00
.gnulib@b6d1430494 build: fix mingw build 2010-10-14 05:51:01 -06:00
build-aux build: update gnulib 2010-03-26 19:16:37 +01:00
daemon Remote protocol implementation of virDomainSet/GetMemoryParameters 2010-10-12 19:26:10 +02:00
docs Fixes for documentation extraction 2010-10-13 13:50:07 +02:00
examples build: fix example build on MacOS X 2010-09-30 11:34:00 -06:00
include Fixes for documentation extraction 2010-10-13 13:50:07 +02:00
m4 build: restore operation of bit-rotted 'make cov' 2010-07-29 13:41:25 -06:00
po Libvirt release 0.8.4 2010-09-10 17:24:36 +02:00
proxy build: fix up some compiler flags 2010-05-17 09:12:42 -06:00
python Fix several minor problems introduced by the memtune series 2010-10-12 21:24:11 +02:00
src nwfilter: cut off connections after changing filters 2010-10-14 08:54:03 -04:00
tests tests: Honor LIBVIRT_{DEBUG,LOG_*} variables 2010-10-14 09:36:54 +02:00
tools virsh: update comment about parsing 2010-10-13 07:52:33 -06:00
.gitignore build: restore operation of bit-rotted 'make cov' 2010-07-29 13:41:25 -06:00
.gitmodules make .gnulib a submodule 2009-07-08 16:17:51 +02:00
.mailmap maint: update an email address preference 2010-08-10 08:13:22 -06:00
.x-sc_avoid_ctype_macros exempt gnulib from ctype-macros prohibition 2008-10-28 17:36:31 +00:00
.x-sc_avoid_if_before_free avoid a "make syntax-check" failure 2009-07-09 20:00:37 +02:00
.x-sc_avoid_write Fully asynchronous monitor I/O processing 2009-11-10 13:27:18 +00:00
.x-sc_m4_quote_check syntax-check: enable more checks 2009-02-03 13:08:36 +00:00
.x-sc_prohibit_always_true_header_tests build: update gnulib 2010-05-06 14:35:38 -06:00
.x-sc_prohibit_asprintf add .x-sc_prohibit_asprintf 2008-12-23 13:40:42 +00:00
.x-sc_prohibit_gethostby Various syntax-check fixes. 2009-10-26 10:34:05 +01:00
.x-sc_prohibit_gethostname Add a new syntax-check rule for gethostname. 2009-10-26 10:34:27 +01:00
.x-sc_prohibit_gettext_noop build: fix syntax-check problems 2010-04-12 16:43:05 -06:00
.x-sc_prohibit_have_config_h maint: sync from coreutils 2009-01-29 18:06:19 +00:00
.x-sc_prohibit_HAVE_MBRTOWC maint: sync from coreutils 2009-01-29 18:06:19 +00:00
.x-sc_prohibit_nonreentrant Tighten up nonreentrant syntax-check. 2009-10-26 10:33:42 +01:00
.x-sc_prohibit_readlink Add a rule to check for uses of readlink. 2010-01-22 09:42:35 -05:00
.x-sc_prohibit_strcmp exempt gnulib/ from "make syntax-check" strcmp prohibition 2008-05-14 21:18:27 +00:00
.x-sc_prohibit_strcmp_and_strncmp Ignore docs/ directory for strcmp() syntax check 2009-11-23 11:58:13 +00:00
.x-sc_prohibit_strncpy Avoid checking against strncpy in virsh.c 2010-10-12 19:26:10 +02:00
.x-sc_prohibit_test_minus_ao build: fix syntax-check problems 2010-04-12 16:43:05 -06:00
.x-sc_prohibit_VIR_ERR_NO_MEMORY Various syntax-check fixes. 2009-10-26 10:34:05 +01:00
.x-sc_require_config_h Various syntax-check fixes. 2009-10-26 10:34:05 +01:00
.x-sc_require_config_h_first Misc syntax-check fixes 2009-09-21 14:41:47 +01:00
.x-sc_trailing_blank build: exempt *.ico files from the trailing blank check 2008-10-16 13:28:07 +00:00
.x-sc_unmarked_diagnostics build: import latest gnulib 2010-04-02 10:18:55 -06:00
acinclude.m4 maint: turn on gcc logical-op checking 2010-07-28 15:25:36 +02:00
AUTHORS virsh: better support double quote 2010-10-13 07:52:32 -06:00
autobuild.sh autobuild.sh: avoid bashism 2010-06-04 10:03:52 -06:00
autogen.sh build: require pkg-config for bootstrap 2010-10-05 13:54:39 -06:00
bootstrap build: fix mingw build 2010-10-14 05:51:01 -06:00
bootstrap.conf build: require pkg-config for bootstrap 2010-10-05 13:54:39 -06:00
cfg.mk Avoid unnecessary bootstrap runs in VPATH builds 2010-08-11 09:20:26 +02:00
ChangeLog-old generate ChangeLog from git logs into distribution tarball 2009-07-08 16:17:51 +02:00
configure.ac build: provide URL in 'configure --help' 2010-10-14 05:51:01 -06:00
COPYING.LIB remove all trailing blank lines 2009-07-16 15:06:42 +02:00
HACKING docs: hacking: explain why using curly braces well is important 2010-05-04 15:41:21 +02:00
libvirt.pc.in * libvirt.pc.in: applied patch from Daniel Berrange to fix --cflags 2006-03-24 13:18:12 +00:00
libvirt.spec.in Libvirt release 0.8.4 2010-09-10 17:24:36 +02:00
Makefile.am build: restore operation of bit-rotted 'make cov' 2010-07-29 13:41:25 -06:00
Makefile.nonreentrant syntax-check: enable prohibit_nonreentrant 2009-02-05 16:28:41 +00:00
mingw32-libvirt.spec.in mingw: match recent changes in spec file 2010-09-07 11:17:13 -06:00
README Correct typos in the documentation (Atsushi SAKAI) 2008-01-24 10:15:13 +00:00
README-hacking maint: relax git minimum version 2010-02-24 14:29:27 -05:00
TODO Update todo list file to point at bugzilla/website 2010-10-13 16:45:26 +01:00

README 

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>