[pve-devel] [PATCH pve-firewall v8 3/5] sdn: always include SDN configuration
Stefan Hanreich
s.hanreich at proxmox.com
Tue Nov 19 16:36:08 CET 2024
If the cluster configuration does not exist, but in other firewall
configuration files there are rules referencing SDN IPsets, validation
for those rules fails, because the cluster configuration does not
contain the SDN IPsets. This is because generic_fw_config_parser
returns an empty hash when there is no cluster configuration file.
Signed-off-by: Stefan Hanreich <s.hanreich at proxmox.com>
---
src/PVE/Firewall.pm | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 6437db0..7636798 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -3658,6 +3658,9 @@ sub load_clusterfw_conf {
my ($filename) = @_;
$filename = $clusterfw_conf_filename if !defined($filename);
+
+ my $sdn_conf = load_sdn_conf();
+
my $empty_conf = {
rules => [],
options => {},
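Review bot: The hoisted `my $sdn_conf = load_sdn_conf();` at the top of load_clusterfw_conf carries no comment explaining why it is now loaded before `$empty_conf` is built. A one-line comment saying the value is kept so it can be reapplied after parsing would make the ordering clear to someone reading the function without the commit message.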
@@ -3666,12 +3669,16 @@ sub load_clusterfw_conf {
group_comments => {},
ipset => {} ,
ipset_comments => {},
- sdn => load_sdn_conf(),
+ sdn => $sdn_conf,
};
my $cluster_conf = generic_fw_config_parser($filename, $empty_conf, $empty_conf, 'cluster');
$set_global_log_ratelimit->($cluster_conf->{options});
+ if (!$cluster_conf->{sdn}) {
+ $cluster_conf->{sdn} = $sdn_conf;
+ }
+
return $cluster_conf;
}
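Review bot: The fallback `if (!$cluster_conf->{sdn})` after the generic_fw_config_parser call restores only the `sdn` key. In the case the commit message describes, where the parser returns an empty hash because the cluster file is missing, the other defaults from `$empty_conf` (`rules`, `options`, `ipset`, and so on) would still be absent, and `$set_global_log_ratelimit->($cluster_conf->{options})` has already been called on that result before the fallback runs. Consider falling back to `$empty_conf` as a whole, or making the parser return the passed-in defaults when the file does not exist, and add a comment on the `if` stating when `sdn` can be unset, since only the commit message explains it.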
--
2.39.5