[pve-devel] [PATCH firewall] ebtables: sort guest chains during rulecreation
Stoiko Ivanov
s.ivanov at proxmox.com
Thu Jun 28 14:41:56 CEST 2018
Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
* reported via forum:
https://forum.proxmox.com/threads/pve-firewall-keeps-rebuilding-due-to-changing-host-sort-order-code-changes-attached.44727/
* the problem occurs if you have more than 1 guest running
* this patch seems to fix it for me
src/PVE/Firewall.pm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index b85e2da..fefe42a 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -3672,7 +3672,7 @@ sub compile_ebtables_filter {
ruleset_addrule($ruleset, 'PVEFW-FORWARD', '-o fwln+', '-j PVEFW-FWBR-OUT');
# generate firewall rules for QEMU VMs
- foreach my $vmid (keys %{$vmdata->{qemu}}) {
+ foreach my $vmid (sort keys %{$vmdata->{qemu}}) {
eval {
my $conf = $vmdata->{qemu}->{$vmid};
my $vmfw_conf = $vmfw_configs->{$vmid};
@@ -3693,7 +3693,7 @@ sub compile_ebtables_filter {
}
# generate firewall rules for LXC containers
- foreach my $vmid (keys %{$vmdata->{lxc}}) {
+ foreach my $vmid (sort keys %{$vmdata->{lxc}}) {
eval {
my $conf = $vmdata->{lxc}->{$vmid};
--
2.11.0
More information about the pve-devel
mailing list