From 2439f55f8a44ae3bddde8098f3f6ea67ccfd1d9b Mon Sep 17 00:00:00 2001 Message-Id: <2439f55f8a44ae3bddde8098f3f6ea67ccfd1d9b@dist-git> From: Laine Stump Date: Fri, 15 Jan 2021 22:51:47 -0500 Subject: [PATCH] tests: fix iptables test case commandline options in virfirewalltest.c This test was created with all the commandlines erroneously having "--source-host", which is not a valid iptables option. The correct name for the option is "--source". However, since the test is just checking that the generated commandline matches what we told it to generate (and never actually runs iptables, as that would be a "Really Bad Idea"(tm)), the test has always succeeded. I only found it because I made a change to the code that caused the test to incorrectly try to run iptables during the test, and the error message I received was "odd" (it complained about the bad option, rather than complaining that I had insufficient privilege to run the command). https://bugzilla.redhat.com/1607929 Signed-off-by: Laine Stump Reviewed-by: Daniel Henrique Barboza (cherry picked from commit e9693502fb63ce5ddd07d2599daddc563c422eed) Message-Id: <20210116035151.1066734-5-laine@redhat.com> Reviewed-by: Jiri Denemark --- tests/virfirewalltest.c | 168 ++++++++++++++++++++-------------------- 1 file changed, 84 insertions(+), 84 deletions(-) diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c index 1ec768d302..40e7f4f00b 100644 --- a/tests/virfirewalltest.c +++ b/tests/virfirewalltest.c @@ -206,8 +206,8 @@ testFirewallSingleGroup(const void *opaque) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -225,12 +225,12 @@ testFirewallSingleGroup(const void *opaque) virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "!192.168.122.1", + "--source", "!192.168.122.1", "--jump", "REJECT", NULL); if (virFirewallApply(fw) < 0) @@ -262,8 +262,8 @@ testFirewallRemoveRule(const void *opaque) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; virFirewallRulePtr fwrule; @@ -282,17 +282,17 @@ testFirewallRemoveRule(const void *opaque) virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", NULL); - virFirewallRuleAddArg(fw, fwrule, "--source-host"); + virFirewallRuleAddArg(fw, fwrule, "--source"); virFirewallRemoveRule(fw, fwrule); fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", NULL); - virFirewallRuleAddArg(fw, fwrule, "--source-host"); + virFirewallRuleAddArg(fw, fwrule, "--source"); virFirewallRuleAddArgFormat(fw, fwrule, "%s", "!192.168.122.1"); virFirewallRuleAddArgList(fw, fwrule, "--jump", "REJECT", NULL); @@ -325,9 +325,9 @@ testFirewallManyGroups(const void *opaque G_GNUC_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" - IPTABLES_PATH " -w -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n" + IPTABLES_PATH " -w -A OUTPUT --source 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A OUTPUT --jump DROP\n"; const struct testFirewallData *data = opaque; @@ -346,19 +346,19 @@ testFirewallManyGroups(const void *opaque G_GNUC_UNUSED) virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "!192.168.122.1", + "--source", "!192.168.122.1", "--jump", "REJECT", NULL); virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "OUTPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -416,9 +416,9 @@ testFirewallIgnoreFailGroup(const void *opaque G_GNUC_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -w -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -w -A OUTPUT --source 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A OUTPUT --jump DROP\n"; const struct testFirewallData *data = opaque; @@ -439,19 +439,19 @@ testFirewallIgnoreFailGroup(const void *opaque G_GNUC_UNUSED) virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.255", + "--source", "192.168.122.255", "--jump", "REJECT", NULL); virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "OUTPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -488,9 +488,9 @@ testFirewallIgnoreFailRule(const void *opaque G_GNUC_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -w -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -w -A OUTPUT --source 192.168.122.1 --jump ACCEPT\n" IPTABLES_PATH " -w -A OUTPUT --jump DROP\n"; const struct testFirewallData *data = opaque; @@ -511,18 +511,18 @@ testFirewallIgnoreFailRule(const void *opaque G_GNUC_UNUSED) virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4, true, NULL, NULL, "-A", "INPUT", - "--source-host", "192.168.122.255", + "--source", "192.168.122.255", "--jump", "REJECT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "OUTPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -559,8 +559,8 @@ testFirewallNoRollback(const void *opaque G_GNUC_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n"; + IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -580,17 +580,17 @@ testFirewallNoRollback(const void *opaque G_GNUC_UNUSED) virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.255", + "--source", "192.168.122.255", "--jump", "REJECT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "!192.168.122.1", + "--source", "!192.168.122.1", "--jump", "REJECT", NULL); if (virFirewallApply(fw) == 0) { @@ -623,11 +623,11 @@ testFirewallSingleRollback(const void *opaque G_GNUC_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -w -D INPUT --source 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -w -D INPUT --source 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -647,34 +647,34 @@ testFirewallSingleRollback(const void *opaque G_GNUC_UNUSED) virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.255", + "--source", "192.168.122.255", "--jump", "REJECT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "!192.168.122.1", + "--source", "!192.168.122.1", "--jump", "REJECT", NULL); virFirewallStartRollback(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-D", "INPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-D", "INPUT", - "--source-host", "192.168.122.255", + "--source", "192.168.122.255", "--jump", "REJECT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-D", "INPUT", - "--source-host", "!192.168.122.1", + "--source", "!192.168.122.1", "--jump", "REJECT", NULL); if (virFirewallApply(fw) == 0) { @@ -707,10 +707,10 @@ testFirewallManyRollback(const void *opaque G_GNUC_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -w -D INPUT --source 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -730,38 +730,38 @@ testFirewallManyRollback(const void *opaque G_GNUC_UNUSED) virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallStartRollback(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-D", "INPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.255", + "--source", "192.168.122.255", "--jump", "REJECT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "!192.168.122.1", + "--source", "!192.168.122.1", "--jump", "REJECT", NULL); virFirewallStartRollback(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-D", "INPUT", - "--source-host", "192.168.122.255", + "--source", "192.168.122.255", "--jump", "REJECT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-D", "INPUT", - "--source-host", "!192.168.122.1", + "--source", "!192.168.122.1", "--jump", "REJECT", NULL); if (virFirewallApply(fw) == 0) { @@ -794,14 +794,14 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.127 --jump REJECT\n" - IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.127 --jump REJECT\n" - IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n" - IPTABLES_PATH " -w -D INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -w -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -w -A INPUT --source 192.168.122.127 --jump REJECT\n" + IPTABLES_PATH " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n" + IPTABLES_PATH " -w -A INPUT --source 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -w -D INPUT --source 192.168.122.127 --jump REJECT\n" + IPTABLES_PATH " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n" + IPTABLES_PATH " -w -D INPUT --source 192.168.122.255 --jump REJECT\n" + IPTABLES_PATH " -w -D INPUT --source '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -821,14 +821,14 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED) virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallStartRollback(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-D", "INPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); @@ -836,24 +836,24 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED) virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.127", + "--source", "192.168.122.127", "--jump", "REJECT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "!192.168.122.1", + "--source", "!192.168.122.1", "--jump", "REJECT", NULL); virFirewallStartRollback(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-D", "INPUT", - "--source-host", "192.168.122.127", + "--source", "192.168.122.127", "--jump", "REJECT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-D", "INPUT", - "--source-host", "!192.168.122.1", + "--source", "!192.168.122.1", "--jump", "REJECT", NULL); @@ -861,24 +861,24 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED) virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.255", + "--source", "192.168.122.255", "--jump", "REJECT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "!192.168.122.1", + "--source", "!192.168.122.1", "--jump", "REJECT", NULL); virFirewallStartRollback(fw, VIR_FIREWALL_ROLLBACK_INHERIT_PREVIOUS); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-D", "INPUT", - "--source-host", "192.168.122.255", + "--source", "192.168.122.255", "--jump", "REJECT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-D", "INPUT", - "--source-host", "!192.168.122.1", + "--source", "!192.168.122.1", "--jump", "REJECT", NULL); if (virFirewallApply(fw) == 0) { @@ -962,7 +962,7 @@ testFirewallQueryCallback(virFirewallPtr fw, size_t i; virFirewallAddRule(fw, layer, "-A", "INPUT", - "--source-host", "!192.168.122.129", + "--source", "!192.168.122.129", "--jump", "REJECT", NULL); for (i = 0; lines[i] != NULL; i++) { @@ -990,15 +990,15 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.127 --jump REJECT\n" + IPTABLES_PATH " -w -A INPUT --source 192.168.122.1 --jump ACCEPT\n" + IPTABLES_PATH " -w -A INPUT --source 192.168.122.127 --jump REJECT\n" IPTABLES_PATH " -w -L\n" IPTABLES_PATH " -w -t nat -L\n" - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.130 --jump REJECT\n" - IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" - IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" - IPTABLES_PATH " -w -A INPUT --source-host 192.168.122.128 --jump REJECT\n" - IPTABLES_PATH " -w -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + IPTABLES_PATH " -w -A INPUT --source 192.168.122.130 --jump REJECT\n" + IPTABLES_PATH " -w -A INPUT --source '!192.168.122.129' --jump REJECT\n" + IPTABLES_PATH " -w -A INPUT --source '!192.168.122.129' --jump REJECT\n" + IPTABLES_PATH " -w -A INPUT --source 192.168.122.128 --jump REJECT\n" + IPTABLES_PATH " -w -A INPUT --source '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; expectedLineNum = 0; @@ -1020,14 +1020,14 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED) virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.1", + "--source", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.127", + "--source", "192.168.122.127", "--jump", "REJECT", NULL); virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4, @@ -1043,7 +1043,7 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED) virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.130", + "--source", "192.168.122.130", "--jump", "REJECT", NULL); @@ -1051,12 +1051,12 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED) virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "192.168.122.128", + "--source", "192.168.122.128", "--jump", "REJECT", NULL); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "-A", "INPUT", - "--source-host", "!192.168.122.1", + "--source", "!192.168.122.1", "--jump", "REJECT", NULL); if (virFirewallApply(fw) < 0) -- 2.30.0