Re: [Xen-devel] [PATCH 3/5] hotplug/linux: Improve iptables logic

[Ian Jackson <ian.jackson@xxxxxxxxxxxxx>]

Sylvain Munaut writes ("Re: [PATCH 3/5] hotplug/linux: Improve iptables logic"):
> And just moving the 'out' rule outside of frob_iptables alltogether
> seems hackish to me, especially when you add IPv6 later on because you
> have iptables manipulations spread around.

Sorry for the terseness of my previous mail.  I should say that I
appreciate your efforts to tidy this up and to support v6.

I think it's probably better to show you what I mean in code.  So I am
going to send two patches (from git-format-patch/git-send-email) to
show what I mean.  They come instead of this patch, and the rest of
the series would need rework.

You can find them here too:
  git://xenbits.xen.org/people/iwj/xen.git#for.sylvain-munaut
  
http://xenbits.xen.org/gitweb/?p=people/iwj/xen.git;a=shortlog;h=refs/heads/for.sylvain-munaut

> > I'm not sure I like the change in the handling of any.
> 
> What change exactly ?

I meant that rather than having a subroutine which adds a wildcard
rule, you have an explicit "any" address, and tracking if it's been
added, etc.

Please take a look and see if you prefer my approach.

Regards,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel