[pve-devel] [PATCH] implement ipset ip/net groups
Alexandre DERUMIER
aderumier at odiso.com
Fri Mar 28 13:37:43 CET 2014
>>What happens if we delete ipset chains which are still in use by iptables?
ipset will throw an error like "ipset in use in iptables...."
so I think we should check if it's used or not before trying to remove it.
I'll implement ipset in iptables rules next week.
----- Original Message -----
From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre Derumier" <aderumier at odiso.com>, pve-devel at pve.proxmox.com
Sent: Friday, March 28, 2014 10:16:12
Subject: RE: [pve-devel] [PATCH] implement ipset ip/net groups
applied, but have one more question (inline).
> sub apply_ruleset {
> - my ($ruleset, $hostfw_conf, $verbose) = @_;
> + my ($ruleset, $hostfw_conf, $ipset_ruleset, $verbose) = @_;
>
> enable_bridge_firewall();
>
> update_nf_conntrack_max($hostfw_conf);
>
> + my $ipsetcmdlist = get_ipset_cmdlist($ipset_ruleset, $verbose);
> +
> my $cmdlist = get_rulset_cmdlist($ruleset, $verbose);
>
> print $cmdlist if $verbose;
>
> + ipset_restore_cmdlist($ipsetcmdlist);
> +
What happens if we delete ipset chains which are still in use by iptables?
> iptables_restore_cmdlist($cmdlist);
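Review bot: ipset_restore_cmdlist($ipsetcmdlist) runs before iptables_restore_cmdlist($cmdlist), so if $ipsetcmdlist contains commands that delete sets, they are attempted while the currently loaded iptables rules may still reference those sets. Creating and updating sets before the iptables restore is the right order for new rules that match on them, but set removal would be safer as a second pass after iptables_restore_cmdlist has dropped the references, with the result of the ipset restore checked so that a failure does not leave the firewall half-applied. Two smaller points in the same hunk: $ipset_ruleset is inserted before $verbose in the argument list, so any caller of apply_ruleset that is not updated will pass its verbose flag as the ipset ruleset (appending the new parameter, or updating all callers in this patch, avoids that), and "print $cmdlist if $verbose;" does not print $ipsetcmdlist, so verbose output omits the ipset commands.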