shaba/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-11 09:17:52 +03:00
Code Releases Activity

nwfilter: Clear all state tracking from a drop rule

Browse Source 
Don't use state-matching in a drop rule.
This commit is contained in:
Stefan Berger 2010-04-16 07:34:36 -04:00
parent 3a7f2fc3b2
commit d2327278fb
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/nwfilter/nwfilter_ebiptables_driver.c
View File

@ -1380,13 +1380,16 @@ _iptablesCreateRuleInstance(int directionIn,
return 0;
}
if (rule->action == VIR_NWFILTER_RULE_ACTION_ACCEPT)
target = accept_target;
else {
target = "DROP";
match = NULL;
}
if (match)
virBufferVSprintf(&buf, " %s", match);
if (rule->action == VIR_NWFILTER_RULE_ACTION_ACCEPT)
target = accept_target;
else
target = "DROP";
virBufferVSprintf(&buf,
" -j %s" CMD_DEF_POST CMD_SEPARATOR