[pve-devel] [PATCH v2 pve-firewall 0/5] improve update

Alexandre Derumier aderumier at odiso.com
Mon Jan 14 10:15:58 CET 2019


This patch improves firewall update.
We want to be sure that an update of a config file doesn't happen
when update is running or pmxcfs is reloaded when firewall update is running.

Changelog v2:
 - use noerr in PVE::Cluster::check_cfs_is_mounted
 - split read_config from compile
 - on update, read all configs twice at a 1 second interval, and compare values
   to be sure of consistency

Alexandre Derumier (5):
  don't update if /etc/pve is not mounted
  remove_pvefw_chains_iptables : don't commit if rules are already
    removed.
  add syslog on pvefw chains removal
  split read_configuration from compile sub
  update: read config twice at 1second interval

 debian/control                  |  1 +
 src/PVE/Firewall.pm             | 39 ++++++++++++++++++++++++++++++++-------
 src/PVE/Service/pve_firewall.pm | 10 ++++++----
 src/pvefw-logger.c              |  6 ++++--
 test/fwtester.pl                |  3 ++-
 5 files changed, 45 insertions(+), 14 deletions(-)

-- 
2.11.0



