[pve-devel] [PATCH] add -full option to pve-firewall compile v2
Alexandre Derumier
aderumier at odiso.com
Wed Jun 18 07:54:42 CEST 2014
this apply ipset and iptables rules,
display verbose ipset and iptables command and display errors
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
src/pve-firewall | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/pve-firewall b/src/pve-firewall
index befee44..62d5768 100755
--- a/src/pve-firewall
+++ b/src/pve-firewall
@@ -366,7 +366,14 @@ __PACKAGE__->register_method ({
description => "Compile and print firewall rules. This is useful for testing.",
parameters => {
additionalProperties => 0,
- properties => {},
+ properties => {
+ full => {
+ optional => 1,
+ type => 'boolean',
+ description => "Full compilation test with iptables and ipset restore",
+ default => 0,
+ },
+ }
},
returns => { type => 'null' },
@@ -393,7 +400,10 @@ __PACKAGE__->register_method ({
if (!$cluster_conf->{options}->{enable}) {
print "firewall disabled\n";
}
-
+ if ( $param->{full}){
+ my $hostfw_conf = PVE::Firewall::load_hostfw_conf();
+ PVE::Firewall::apply_ruleset($ruleset, $hostfw_conf, $ipset_ruleset, 1);
+ }
};
PVE::Firewall::run_locked($code);
--
1.7.10.4
More information about the pve-devel
mailing list