Break frob_iptable into two subroutines frob_iptable_in and frob_iptable_out_all.
frob_iptable_in must be called with the iptables command name and appropriate parameters (for each source address or condition, as necessary). frob_iptable_out_all must be called exactly once.
Signed-off-by: Ian Jackson <ian.jack...@eu.citrix.com>
---
tools/hotplug/Linux/vif-common.sh | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/tools/hotplug/Linux/vif-common.sh b/tools/hotplug/Linux/vif-common.sh
index 20cb6a7..b7b3e32 100644
--- a/tools/hotplug/Linux/vif-common.sh
+++ b/tools/hotplug/Linux/vif-common.sh
@@ -138,10 +138,15 @@ frob_iptable_command()
 fi
 }
 
-frob_iptable()
+frob_iptable_in()
 {
- frob_iptable_command iptables FORWARD -w $dev_in_match "$dev" \
+ local iptables=$1; shift
+ frob_iptable_command $iptables FORWARD -w $dev_in_match "$dev" \
 "$@" -j ACCEPT 2>/dev/null
+}
+
+frob_iptable_out_all()
+{
 frob_iptable_command iptables FORWARD -w $dev_out_match "$dev" \
 -j ACCEPT 2>/dev/null
 }
@@ -186,10 +191,12 @@ handle_iptable()
 done
 
 # Always allow the domain to talk to a DHCP server.
- frob_iptable -p udp --sport 68 --dport 67
+ frob_iptable_in iptables -p udp --sport 68 --dport 67
+ frob_iptable_out_all
 else
 # No IP addresses have been specified, so allow anything.
- frob_iptable
+ frob_iptable_in iptables
+ frob_iptable_out_all
 fi
 
 release_lock "iptables"
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
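Review bot: In `frob_iptable_in` the new first argument is expanded unquoted in `frob_iptable_command $iptables FORWARD ...`, so it goes through word splitting and globbing before it is used as the command name; `frob_iptable_command "$iptables" FORWARD -w $dev_in_match "$dev" \` keeps it a single word. `frob_iptable_out_all` still hard-codes `iptables`, so a caller that passes any other command name to `frob_iptable_in` gets no matching outbound ACCEPT from this pair of functions. The "exactly once" contract lives only in the commit message; a header comment above both functions such as `# frob_iptable_in CMD [match args...]: allow traffic from $dev; pair with exactly one frob_iptable_out_all call` would keep it next to the code. `frob_iptable_command` is defined above the hunk and is not visible here, so how it treats a repeated add or delete could not be checked.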
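Review bot: Any caller of the old name `frob_iptable` outside these two hunks now refers to a function that no longer exists, and the diffstat's four deletions are all accounted for by the lines removed here. The per-address loop that closes with `done` at the top of this hunk is not shown and was not touched by this commit; if it still calls `frob_iptable`, the source-address ACCEPT rules would no longer be added on bring-up or removed on teardown. That loop should be confirmed and, if needed, converted to `frob_iptable_in iptables ...` in the same commit so the file is never left with a dangling call. `handle_iptable` begins above the hunk, so this is inferred from the line counts rather than read from the code.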