Re: [libvirt] [PATCH 0/7] POC: Saner firewall integration

2014-03-13 Thread Laine Stump
On 03/12/2014 07:21 AM, Daniel P. Berrange wrote: > We currently have three areas of code which deal with firewall > changes. The bridge driver's iptables usage, the QEMU driver's > ebtables usage for mac filters and the nwfilter code. > > These all directly invoke the iptables/ebtables commands or

[libvirt] [PATCH 0/7] POC: Saner firewall integration

2014-03-12 Thread Daniel P. Berrange
We currently have three areas of code which deal with firewall changes. The bridge driver's iptables usage, the QEMU driver's ebtables usage for mac filters and the nwfilter code. These all directly invoke the iptables/ebtables commands or in the case of nwfilter invoke horrible generated shell sc