[pve-devel] [PATCH 01/18] split compile to compile_iptables_filter
Alexandre Derumier
aderumier at odiso.com
Tue Jul 15 09:57:59 CEST 2014
compile just read configs file and will call compile_iptables_filter for iptables and ip6tables
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
src/PVE/Firewall.pm | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 27cf1e6..3d52f62 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2793,6 +2793,13 @@ sub compile {
$vmfw_configs = read_vm_firewall_configs($cluster_conf, $vmdata, undef, $verbose);
}
+ my ($ruleset, $ipset_ruleset) = compile_iptables_filter($cluster_conf, $hostfw_conf, $vmfw_configs, $vmdata, 4, $verbose);
+ return ($ruleset, $ipset_ruleset);
+}
+
+sub compile_iptables_filter {
+ my ($cluster_conf, $hostfw_conf, $vmfw_configs, $vmdata, $ipversion, $verbose) = @_;
+
$cluster_conf->{ipset}->{venet0} = [];
my $venet0_ipset_chain = compute_ipset_chain_name(0, 'venet0');
--
1.7.10.4
More information about the pve-devel
mailing list