[pve-devel] [PATCH] firewall update : load cluster conf for host rules
Alexandre Derumier
aderumier at odiso.com
Thu Dec 11 14:25:42 CET 2014
Currently we can't use ipsets defined in cluster in host rules

host.fw
----------
[OPTIONS]
log_level_in: debug
enable: 1
tcp_flags_log_level: debug
log_level_out: debug
tcpflags: 1
smurf_log_level: debug

[RULES]
IN ACCEPT -source +whitelist

in sub update {
    my $hostfw_conf = load_hostfw_conf();
}

$VAR1 = {
    'options' => {
        'enable' => 1,
        'log_level_in' => 'debug',
        'tcp_flags_log_level' => 'debug',
        'log_level_out' => 'debug',
        'tcpflags' => 1,
        'smurf_log_level' => 'debug'
    },
    'ipset' => {},
    'rules' => [
        {
            'source' => '+whitelist',
            'enable' => 1,
            'errors' => {
                'source' => 'no such ipset \'whitelist\''
            },
            'action' => 'ACCEPT',
            'type' => 'in'
        }
    ]
};

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
src/PVE/Firewall.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index abf591b..958927a 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -3560,7 +3560,7 @@ sub update {
return;
}
- my $hostfw_conf = load_hostfw_conf();
+ my $hostfw_conf = load_hostfw_conf($cluster_conf);
my ($ruleset, $ipset_ruleset, $rulesetv6) = compile($cluster_conf, $hostfw_conf);
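Review bot: The changed call `load_hostfw_conf($cluster_conf)` covers only this one call site in `sub update`; any other caller that still invokes `load_hostfw_conf()` with no argument would keep producing the `no such ipset 'whitelist'` error for host rules that reference cluster ipsets, so please check the remaining callers and either pass the cluster config there as well or note why they do not need it. The commit message shows the parse result before the change but not after it; a regression test that loads the `host.fw` from the message (`IN ACCEPT -source +whitelist`) against a cluster config defining the `whitelist` ipset, and asserts that the rule has no `errors` entry, would pin the intended behaviour.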
--
1.7.10.4