[pve-devel] [PATCH] add -full option to pve-firewall compile v2
Alexandre DERUMIER
aderumier at odiso.com
Wed Jun 18 17:50:12 CEST 2014
>>Oh, I think compile should not touch actual firewall settings, so simply
>>calling apply_ruleset() is not good.
we can call iptables-restore -t
but for ipset restore, we need to apply them, if iptables rules need them
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre Derumier" <aderumier at odiso.com>, pve-devel at pve.proxmox.com
Envoyé: Mercredi 18 Juin 2014 17:32:12
Objet: RE: [pve-devel] [PATCH] add -full option to pve-firewall compile v2
> + if ( $param->{full}){
> + my $hostfw_conf = PVE::Firewall::load_hostfw_conf();
> + PVE::Firewall::apply_ruleset($ruleset, $hostfw_conf,
> $ipset_ruleset, 1);
> + }
Oh, I think compile should not touch actual firewall settings, so simply
calling apply_ruleset() is not good.
More information about the pve-devel
mailing list