[pve-devel] applied: [PATCH firewall] fixup active_chains distinction when deleting chains

Wolfgang Bumiller w.bumiller at proxmox.com
Tue Jun 12 12:05:39 CEST 2018


Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
---
With the last ebtables rule merge patches this ebtables/iptables
distinction was missing causing the disabling of a VM's firewall to
produce invalid hash accesses causing this to not be detected as a
change...

 src/PVE/Firewall.pm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 62cbf66..6b39d5d 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -3784,11 +3784,12 @@ sub get_ruleset_status {
     foreach my $chain (sort keys %$active_chains) {
 	next if defined($ruleset->{$chain});
 	my $action = 'delete';
+	my $sig = $active_chains->{$chain};
 	if (defined($change_only_regex)) {
 	    $action = 'ignore' if ($chain !~ m/$change_only_regex/);
 	    $statushash->{$chain}->{rules} = $active_chains->{$chain}->{rules};
+	    $sig = $sig->{sig};
 	}
-	my $sig = $active_chains->{$chain}->{sig};
 	$statushash->{$chain}->{action} = $action;
 	$statushash->{$chain}->{sig} = $sig;
 	print "$action $chain ($sig)\n" if $verbose;
-- 
2.11.0




More information about the pve-devel mailing list