[pve-devel] [PATCH 01/15] split compile to compile_iptables_filter

Alexandre Derumier aderumier at odiso.com
Thu Jul 10 10:22:28 CEST 2014


compile just read configs file and will call compile_iptables_filter for iptables and ip6tables

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 src/PVE/Firewall.pm |    7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 27cf1e6..3d52f62 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2793,6 +2793,13 @@ sub compile {
 	$vmfw_configs = read_vm_firewall_configs($cluster_conf, $vmdata, undef, $verbose);
     }
 
+    my ($ruleset, $ipset_ruleset) = compile_iptables_filter($cluster_conf, $hostfw_conf, $vmfw_configs, $vmdata, 4, $verbose);
+    return ($ruleset, $ipset_ruleset);
+}
+
+sub compile_iptables_filter {
+    my ($cluster_conf, $hostfw_conf, $vmfw_configs, $vmdata, $ipversion, $verbose) = @_;
+
     $cluster_conf->{ipset}->{venet0} = [];
     my $venet0_ipset_chain = compute_ipset_chain_name(0, 'venet0');
 
-- 
1.7.10.4



More information about the pve-devel mailing list