[pve-devel] [PATCH] fix interface in rules for host-in and host-out
Alexandre Derumier
aderumier at odiso.com
Tue May 13 12:32:08 CEST 2014
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
debian/example/host.fw | 4 ++--
src/PVE/Firewall.pm | 2 ++
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/debian/example/host.fw b/debian/example/host.fw
index 77f7f4b..b5c53b0 100644
--- a/debian/example/host.fw
+++ b/debian/example/host.fw
@@ -25,5 +25,5 @@ optimize : 1
[RULES]
-IN SSH(ACCEPT) net0
-OUT SSH(ACCEPT) net0
+IN SSH(ACCEPT) -
+OUT SSH(ACCEPT) -
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 803bebf..b85ad6d 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1661,6 +1661,7 @@ sub enable_host_firewall {
# add host rules first, so that cluster wide rules can be overwritten
foreach my $rule (@$rules, @$cluster_rules) {
next if $rule->{type} ne 'in';
+ $rule->{iface_in} = $rule->{iface} if $rule->{iface};
ruleset_generate_rule($ruleset, $chain, $rule, { ACCEPT => $accept_action, REJECT => "PVEFW-reject" }, undef, $cluster_conf);
}
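Review bot: The added assignment `$rule->{iface_in} = $rule->{iface} if $rule->{iface};` writes into the rule hash itself, and the loop also walks `@$cluster_rules`, so cluster-wide rule objects are modified in place while `$cluster_conf` is passed on to `ruleset_generate_rule`; if those hashes are reused elsewhere (not visible here), the extra key persists beyond this chain. A per-iteration copy avoids that, e.g. `my $r = $rule->{iface} ? { %$rule, iface_in => $rule->{iface} } : $rule;`, passing `$r` to the call. The same applies to the `iface_out` assignment in the second hunk of this file. A short comment such as `# host rules carry a generic 'iface'; map it to the direction-specific key the generator reads` would explain the mapping, though that the generator reads `iface_in`/`iface_out` is inferred from this change rather than shown. The body of enable_host_firewall starts and ends outside both hunks.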
@@ -1688,6 +1689,7 @@ sub enable_host_firewall {
# add host rules first, so that cluster wide rules can be overwritten
foreach my $rule (@$rules, @$cluster_rules) {
next if $rule->{type} ne 'out';
+ $rule->{iface_out} = $rule->{iface} if $rule->{iface};
ruleset_generate_rule($ruleset, $chain, $rule, { ACCEPT => $accept_action, REJECT => "PVEFW-reject" }, undef, $cluster_conf);
}
--
1.7.10.4