[pve-devel] applied: [PATCH pve-firewall v4 5/9] nftables: make is_nftables check flag file instead of config
Thomas Lamprecht
t.lamprecht at proxmox.com
Sun Nov 17 15:58:11 CET 2024
On 15.11.24 at 13:09, Stefan Hanreich wrote:
> is_nftables is used in the VM and CT network startup scripts to
> determine whether the nftables firewall is enabled or not. This causes
> issues on container and VM startup when loading the SDN config, since
> it requires the RPCEnvironment which is not initialized yet. Therefore
> change this check to look for the existence of the flag file instead.
>
> It also avoids parsing the entire cluster and host firewall
> configuration on VM / CT startup, which means increased performance.
>
> While we're at it, make all methods related to the configuration
> parsing private, in order to avoid accidental usage of the expensive
> methods.
>
> Signed-off-by: Stefan Hanreich <s.hanreich at proxmox.com>
> Reviewed-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
> ---
> src/PVE/Firewall.pm | 14 +++++++++-----
> 1 file changed, 9 insertions(+), 5 deletions(-)
>
>
applied, thanks!