[pve-devel] [PATCH 13/19] compile ipv6 ruleset

Alexandre Derumier aderumier at odiso.com
Wed Jul 16 01:14:29 CEST 2014


Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 src/PVE/Firewall.pm |    6 ++++--
 src/pve-firewall    |    6 +++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 47a5e1b..9e48486 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2989,7 +2989,9 @@ sub compile {
     }
 
     my ($ruleset, $ipset_ruleset) = compile_iptables_filter($cluster_conf, $hostfw_conf, $vmfw_configs, $vmdata, 4, $verbose);
-    return ($ruleset, $ipset_ruleset);
+    my ($rulesetv6) = compile_iptables_filter($cluster_conf, $hostfw_conf, $vmfw_configs, $vmdata, 6, $verbose);
+
+    return ($ruleset, $ipset_ruleset, $rulesetv6);
 }
 
 sub compile_iptables_filter {
@@ -3443,7 +3445,7 @@ sub update {
 
 	my $hostfw_conf = load_hostfw_conf();
 
-	my ($ruleset, $ipset_ruleset) = compile($cluster_conf, $hostfw_conf);
+	my ($ruleset, $ipset_ruleset, $rulesetv6) = compile($cluster_conf, $hostfw_conf);
 
 	apply_ruleset($ruleset, $hostfw_conf, $ipset_ruleset);
     };
diff --git a/src/pve-firewall b/src/pve-firewall
index befee44..f02b760 100755
--- a/src/pve-firewall
+++ b/src/pve-firewall
@@ -344,7 +344,7 @@ __PACKAGE__->register_method ({
 
 	    if ($status eq 'running') {
 		
-		my ($ruleset, $ipset_ruleset) = PVE::Firewall::compile($cluster_conf, undef, undef, $verbose);
+		my ($ruleset, $ipset_ruleset, $rulesetv6) = PVE::Firewall::compile($cluster_conf, undef, undef, $verbose);
 
 		$verbose = 0; # do not show iptables details
 		my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, $verbose);
@@ -380,7 +380,7 @@ __PACKAGE__->register_method ({
 	    my $verbose = 1;
 
 	    my $cluster_conf = PVE::Firewall::load_clusterfw_conf(undef, $verbose); 
-	    my ($ruleset, $ipset_ruleset) = PVE::Firewall::compile($cluster_conf, undef, undef, $verbose);
+	    my ($ruleset, $ipset_ruleset, $rulesetv6) = PVE::Firewall::compile($cluster_conf, undef, undef, $verbose);
 
 	    my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, $verbose);
 	    my (undef, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset, $verbose);
@@ -502,7 +502,7 @@ __PACKAGE__->register_method ({
 
 	local $SIG{'__WARN__'} = 'DEFAULT'; # do not fill up syslog
 
-	my ($ruleset, $ipset_ruleset) = PVE::Firewall::compile(undef, undef, undef, $param->{verbose});
+	my ($ruleset, $ipset_ruleset, $rulesetv6) = PVE::Firewall::compile(undef, undef, undef, $param->{verbose});
 
 	PVE::FirewallSimulator::debug($param->{verbose} || 0);
 	
-- 
1.7.10.4




More information about the pve-devel mailing list