[pve-devel] [PATCH proxmox-firewall 2/4] partially fix #6176: ipfilter: honor firewall setting from guest cfg
Stefan Hanreich
s.hanreich at proxmox.com
Wed Feb 19 11:09:47 CET 2025
ipfilter ipsets and rules were still generated, even if the firewall
was disabled for the network device.
Signed-off-by: Stefan Hanreich <s.hanreich at proxmox.com>
---
proxmox-firewall/src/firewall.rs | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/proxmox-firewall/src/firewall.rs b/proxmox-firewall/src/firewall.rs
index e980bd5..0e0edf8 100644
--- a/proxmox-firewall/src/firewall.rs
+++ b/proxmox-firewall/src/firewall.rs
@@ -781,6 +781,10 @@ impl Firewall {
let network_devices = cfg.network_config().network_devices();
for (index, network_device) in network_devices {
+ if !network_device.has_firewall() {
+ continue;
+ }
+
let ipfilter_name = Ipfilter::name_for_index(*index);
if let Some(ipset) = ipsets.get(&ipfilter_name) {
--
2.39.5
More information about the pve-devel
mailing list