From: Laine Stump <laine@redhat.com>
Date: Fri, 24 May 2024 02:56:04 +0000 (-0400)
Subject: NEWS: document nftables support in network driver
X-Git-Tag: v10.4.0-rc1~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bbc1b3fc6eb02d632bf525f143cb100f8e65cec2;p=thirdparty%2Flibvirt.git

NEWS: document nftables support in network driver

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---

diff --git a/NEWS.rst b/NEWS.rst
index 42b0f88128..14505116b1 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -33,6 +33,16 @@ v10.4.0 (unreleased)
     ``<sound model='virtio'/>``. This model is available from QEMU 8.2.0
     onwards.
 
+  * network: use nftables to setup virtual network firewall rules
+
+    The network driver can now use nftables rules for the virtual
+    network firewalls, rather than iptables. With the standard build
+    options, nftables is preferred over iptables (with fallback to
+    iptables if nftables isn't installed), but this can be modified at
+    build time, or at runtime via the firewall_backend setting in
+    network.conf. (NB: the nwfilter driver still uses
+    ebtables/iptables).
+
 * **Improvements**
 
 * **Bug fixes**