[pve-devel] applied: [PATCH firewall] honor disabled flag on group rules again
Wolfgang Bumiller
w.bumiller at proxmox.com
Thu Dec 7 08:49:58 CET 2017
Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
src/PVE/Firewall.pm | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index c858b85..2feac54 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2417,6 +2417,7 @@ sub generate_group_rules {
foreach my $rule (@$rules) {
next if $rule->{type} ne 'in';
+ next if !$rule->{enable} || $rule->{errors};
next if $rule->{ipversion} && $rule->{ipversion} ne $ipversion;
rule_substitude_action($rule, { ACCEPT => "PVEFW-SET-ACCEPT-MARK", REJECT => "PVEFW-reject" });
ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, $cluster_conf);
@@ -2429,6 +2430,7 @@ sub generate_group_rules {
foreach my $rule (@$rules) {
next if $rule->{type} ne 'out';
+ next if !$rule->{enable} || $rule->{errors};
next if $rule->{ipversion} && $rule->{ipversion} ne $ipversion;
# we use PVEFW-SET-ACCEPT-MARK (Instead of ACCEPT) because we need to
# check also other tap rules later
--
2.11.0
More information about the pve-devel
mailing list