[pve-devel] [PATCH] implement ipset ip/net groups
Dietmar Maurer
dietmar at proxmox.com
Fri Mar 28 10:16:12 CET 2014
applied, but have one more questions (inline).
> sub apply_ruleset {
> - my ($ruleset, $hostfw_conf, $verbose) = @_;
> + my ($ruleset, $hostfw_conf, $ipset_ruleset, $verbose) = @_;
>
> enable_bridge_firewall();
>
> update_nf_conntrack_max($hostfw_conf);
>
> + my $ipsetcmdlist = get_ipset_cmdlist($ipset_ruleset, $verbose);
> +
> my $cmdlist = get_rulset_cmdlist($ruleset, $verbose);
>
> print $cmdlist if $verbose;
>
> + ipset_restore_cmdlist($ipsetcmdlist);
> +
What happens if we delete ipset chains which are still in use by iptables?
> iptables_restore_cmdlist($cmdlist);
More information about the pve-devel
mailing list