[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] vif-common.sh prevent physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore
Hi all, Please consider this patch, with newer (pvops) kernels my logs get flooded with this iptables warning: physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore Using the --physdev-is-bridged option prevents this. See also: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571634#10 -- Sander # HG changeset patch # User root@localhost # Date 1289255948 -3600 # Node ID 8270590996e55674532101c3dcfd41312c8598cf # Parent 0d5f09e3728cd2ebf1126bc7341ae9dded45006a Use --physdev-is-bridged to make it explicit the rules only apply to bridged traffic. This prevents a flood of: physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore. messages when starting or shutting down domU's Background information: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571634#10 Signed-off-by: Sander Eikelenboom <linux@xxxxxxxxxxxxxx> diff -r 0d5f09e3728c -r 8270590996e5 tools/hotplug/Linux/vif-common.sh --- a/tools/hotplug/Linux/vif-common.sh Thu Nov 04 16:42:34 2010 +0000 +++ b/tools/hotplug/Linux/vif-common.sh Mon Nov 08 23:39:08 2010 +0100 @@ -105,10 +105,10 @@ local c="-D" fi - iptables "$c" FORWARD -m physdev --physdev-in "$vif" "$@" -j ACCEPT \ + iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-in "$vif" "$@" -j ACCEPT \ 2>/dev/null && iptables "$c" FORWARD -m state --state RELATED,ESTABLISHED -m physdev \ - --physdev-out "$vif" -j ACCEPT 2>/dev/null + --physdev-is-bridged --physdev-out "$vif" -j ACCEPT 2>/dev/null if [ "$command" == "online" -a $? -ne 0 ] then Attachment:
vif-common.patch _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |