[pve-devel] [PATCH v3 firewall 00/13] Firewall code cleanups

[Wolfgang Bumiller]

On Mon, Oct 09, 2017 at 12:16:18PM +0200, Tom Weber wrote:
> third version. mostly converting rules into structures.
> reorganized ruleset_generate_rule and everything around it.
> please note that some of the stuff implemented in the first patches
> gets eliminated later. So maybe it's worth reading all patches before
> flaming me ;-)

Where would be the fun in that?

Anyway, the patches seem fine.
Only thing I'm not too happy about currently is that $pve_std_chains is
still a global. Currently we could clone it in generate_std_chains()
directly as this is both what modifies and uses it, unless this
conflicts with later changes of yours - then it would still be a nice
finish up to this point in the series and change it into a parameter
passed from the outside later on.
OTOH the _conf+clone patch could just be skipped for now as well until
we actually need it, as the rest of the series doesn't strictly depend
on that change to be there. Partly due to the length of the series.
I don't want you to have to drag along the entire patch set with each
version. Apart from the above I have no objections to applying the
series as it is.
(Although we do still miss the Signed-off-by lines which I forgot to
mention the last couple of times, sorry.)
So if you can send a v4 with the above changes we could apply it and
continue from there.