diff options
author | Stefan Berger <stefanb@us.ibm.com> | 2010-06-17 14:12:34 -0400 |
---|---|---|
committer | Stefan Berger <stefanb@us.ibm.com> | 2010-06-17 14:12:34 -0400 |
commit | 51d3fb02768bb10fbba70e9c4466456c0488ced6 (patch) | |
tree | d0c56629276a39b588597aa54230e91317146012 /tests/nwfilterxml2xmlout | |
parent | virsh: ensure persistence and autostart are shown for dominfo and pool-info (diff) | |
download | libvirt-51d3fb02768bb10fbba70e9c4466456c0488ced6.tar.gz libvirt-51d3fb02768bb10fbba70e9c4466456c0488ced6.tar.bz2 libvirt-51d3fb02768bb10fbba70e9c4466456c0488ced6.zip |
nwfilter: add XML attribute to control iptables state match
This patch adds an optional XML attribute to a nwfilter rule to give the user control over whether the rule is supposed to be using the iptables state match or not. A rule may now look like shown in the XML below with the statematch attribute either having value '0' or 'false' (case-insensitive).
[...]
<rule action='accept' direction='in' statematch='false'>
<tcp srcmacaddr='1:2:3:4:5:6'
srcipaddr='10.1.2.3' srcipmask='32'
dscp='33'
srcportstart='20' srcportend='21'
dstportstart='100' dstportend='1111'/>
</rule>
[...]
I am also extending the nwfilter schema and add this attribute to a test case.
Diffstat (limited to 'tests/nwfilterxml2xmlout')
-rw-r--r-- | tests/nwfilterxml2xmlout/tcp-test.xml | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/tests/nwfilterxml2xmlout/tcp-test.xml b/tests/nwfilterxml2xmlout/tcp-test.xml index a13afe149..4037808c4 100644 --- a/tests/nwfilterxml2xmlout/tcp-test.xml +++ b/tests/nwfilterxml2xmlout/tcp-test.xml @@ -3,10 +3,10 @@ <rule action='accept' direction='out' priority='500'> <tcp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3' dstipmask='32' dscp='2'/> </rule> - <rule action='accept' direction='in' priority='500'> + <rule action='accept' direction='in' priority='500' statematch='false'> <tcp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='32' dscp='33' srcportstart='20' srcportend='21' dstportstart='100' dstportend='1111'/> </rule> - <rule action='accept' direction='in' priority='500'> + <rule action='accept' direction='in' priority='500' statematch='false'> <tcp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='32' dscp='63' srcportstart='255' srcportend='256' dstportstart='65535'/> </rule> </filter> |