From: Daniel P. Berrangé <berra...@redhat.com> Signed-off-by: Daniel P. Berrangé <berra...@redhat.com> --- NEWS.rst | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst index e5e8626729..c7bfac1db4 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -48,6 +48,14 @@ v11.6.0 (unreleased) * **Bug fixes** + * The nwfilter driver no longer recreates the base iptable/ip6tables chains + + The nwfilter driver had a impl mistake causing it to recreate the + base chains for iptables/ip6tables every time a VM was started. + This allowed a small window where traffic might not be fully + filtered. It now handles iptables/ip6tables the same way as + ebtables, creating the base chains only if they did not already + exist. v11.5.0 (2025-07-01) ==================== -- 2.50.1
