[pve-devel] [PATCH v2 firewall 1/2] ebtables: remove PVE chains properly
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Jul 10 11:59:19 CEST 2019
when globally disabling the FW, or on shutdown of firewall service.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
Notes:
v1->v2: drop condition, add comment
src/PVE/Firewall.pm | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 96c45e9..3b67186 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -4269,6 +4269,7 @@ sub remove_pvefw_chains {
PVE::Firewall::remove_pvefw_chains_iptables("iptables");
PVE::Firewall::remove_pvefw_chains_iptables("ip6tables");
PVE::Firewall::remove_pvefw_chains_ipset();
+ PVE::Firewall::remove_pvefw_chains_ebtables();
}
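Review bot: the added remove_pvefw_chains_ebtables() call at the end of remove_pvefw_chains is unconditional, and the notes say "v1->v2: drop condition", but the commit message does not record why the condition was dropped. Please add a sentence on that to the commit message, so it is clear that touching ebtables on every global disable or service shutdown is intended. The call is also last in the sequence, so if one of the iptables, ip6tables or ipset removals above it dies, the ebtables chains are left in place. If cleanup is meant to be best-effort per backend, that is worth handling or at least noting.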
@@ -4314,6 +4315,11 @@ sub remove_pvefw_chains_ipset {
ipset_restore_cmdlist($cmdlist) if $cmdlist;
}
+sub remove_pvefw_chains_ebtables {
+ # apply empty ruleset = remove all our chains
+ ebtables_restore_cmdlist(get_ebtables_cmdlist({}));
+}
+
sub init {
my $cluster_conf = load_clusterfw_conf();
my $cluster_options = $cluster_conf->{options};
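Review bot: in remove_pvefw_chains_ebtables the result of get_ebtables_cmdlist({}) is passed straight into ebtables_restore_cmdlist(), in list context and with no check, whereas the ipset helper directly above guards with "ipset_restore_cmdlist($cmdlist) if $cmdlist;". Please confirm that get_ebtables_cmdlist returns exactly the command list when called this way, or assign it to a variable first and pass only that, skipping the restore when there is nothing to apply. The comment "apply empty ruleset = remove all our chains" could also say explicitly that chains not created by PVE are left untouched, since that is the property a reader will want to verify before trusting this on shutdown.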
--
2.20.1