[pve-devel] applied: [PATCH firewall] fix reading host.fw through IPCC interface
Alexandre DERUMIER
aderumier at odiso.com
Mon Apr 22 16:14:57 CEST 2019
Thanks Thomas for working on this.
I'll test it this week.
----- Mail original -----
De: "Thomas Lamprecht" <t.lamprecht at proxmox.com>
À: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Vendredi 19 Avril 2019 06:55:17
Objet: [pve-devel] applied: [PATCH firewall] fix reading host.fw through IPCC interface
IPCC has no knowledge about FUSE based links, but we used
'local/host.fw' here, where local is always a link to
'nodes/<LOCAL-NODENAME>/', this works only when using the common file
system interface provided by FUSE, but not if we're talking directly
with our memdb file store through IPCC..
So use a nodename based path here, to avoid getting just empty
strings for host.fw.
fixes commit 0dbef53046fade02efec143d3b7a0f4f9021b618
Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
src/PVE/Firewall.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 2108567..1607b74 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -23,7 +23,6 @@ use PVE::SafeSyslog;
use PVE::Tools qw($IPV4RE $IPV6RE);
use PVE::Tools qw(run_command lock_file dir_glob_foreach);
-my $hostfw_conf_filename = "/etc/pve/local/host.fw";
my $pvefw_conf_dir = "/etc/pve/firewall";
my $clusterfw_conf_filename = "$pvefw_conf_dir/cluster.fw";
@@ -127,6 +126,7 @@ eval {
};
my $nodename = PVE::INotify::nodename();
+my $hostfw_conf_filename = "/etc/pve/nodes/$nodename/host.fw";
my $pve_fw_lock_filename = "/var/lock/pvefw.lck";
--
2.20.1
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list