[pve-devel] loading nf_conntrack_ftp module by default ?
Alexandre DERUMIER
aderumier at odiso.com
Mon May 19 10:44:51 CEST 2014
maybe in Firewall.pm, sub update() (which is called in run_server) ?
sub update {
my ($verbose) = @_;
my $code = sub {
my $cluster_conf = load_clusterfw_conf();
my $cluster_options = $cluster_conf->{options};
my $enable = $cluster_options->{enable};
die "Firewall is disabled - cannot start\n" if !$enable;
if (!$enable) {
PVE::Firewall::remove_pvefw_chains();
print "Firewall disabled\n" if $verbose;
return;
}
#load conntrack
if(! -d /sys/module/nf_conntrack_ftp){
system("/sbin/modprobe nf_conntrack_ftp");
}
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Dietmar Maurer" <dietmar at proxmox.com>, "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Lundi 19 Mai 2014 10:05:25
Objet: RE: [pve-devel] loading nf_conntrack_ftp module by default ?
> > do you think that /etc/init.d/pve-firewall start is a good place to
> > load the module ?
>
> not really, because we do not want to load the module if firewall is disabled in
> /etc/pve/firewall/cluster.fw
maybe: pve-firewall/src/pve-firewall, method run_server()
More information about the pve-devel
mailing list