[pve-devel] [PATCH 4/8] remove generate_bridge_chains sub

Alexandre Derumier aderumier at odiso.com
Wed Apr 30 10:56:33 CEST 2014


The generate_bridge_chains sub is no longer needed.

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 src/PVE/Firewall.pm |   43 -------------------------------------------
 1 file changed, 43 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 0892bb8..805ed7b 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1401,49 +1401,6 @@ sub ruleset_addlog {
     ruleset_addrule($ruleset, $chain, $logrule);
 }
 
-sub generate_bridge_chains {
-    my ($ruleset, $hostfw_conf, $bridge, $routing_table, $bridges_config) = @_;
-
-    my $options = $hostfw_conf->{options} || {};
-
-    die "error: detected direct route to bridge '$bridge'\n"
-	if !$options->{allow_bridge_route} && $routing_table->{$bridge};
-
-    if (!ruleset_chain_exist($ruleset, "$bridge-FW")) {
-	ruleset_create_chain($ruleset, "$bridge-FW");
-	ruleset_addrule($ruleset, "PVEFW-FORWARD", "-o $bridge -m physdev --physdev-is-out -j $bridge-FW");
-	ruleset_addrule($ruleset, "PVEFW-FORWARD", "-i $bridge -m physdev --physdev-is-in -j $bridge-FW");
-    }
-
-    if (!ruleset_chain_exist($ruleset, "$bridge-OUT")) {
-	ruleset_create_chain($ruleset, "$bridge-OUT");
-
-	if($options->{optimize}){
-	    foreach my $interface (@{$bridges_config->{$bridge}}) {
-		ruleset_addrule($ruleset, "$bridge-OUT", "-m physdev --physdev-is-bridged --physdev-in $interface -g PVEFW-SET-ACCEPT-MARK");
-	    }
-	}
-
-	ruleset_addrule($ruleset, "$bridge-FW", "-m physdev --physdev-is-in -j $bridge-OUT");
-	ruleset_insertrule($ruleset, "PVEFW-INPUT", "-i $bridge -m physdev --physdev-is-in -j $bridge-OUT");
-    }
-
-    if (!ruleset_chain_exist($ruleset, "$bridge-IN")) {
-	ruleset_create_chain($ruleset, "$bridge-IN");
-
-	if($options->{optimize}){
-	    foreach my $interface (@{$bridges_config->{$bridge}}) {
-		ruleset_addrule($ruleset, "$bridge-IN", "-m physdev --physdev-is-bridged --physdev-out $interface -j ACCEPT");
-	    }
-	}
-
-	ruleset_addrule($ruleset, "$bridge-FW", "-m physdev --physdev-is-out -j $bridge-IN");
-	ruleset_addrule($ruleset, "$bridge-FW", "-m mark --mark 1 -j ACCEPT");
-	# accept traffic to unmanaged bridge ports
-	ruleset_addrule($ruleset, "$bridge-FW", "-m physdev --physdev-is-out -j ACCEPT ");
-    }
-}
-
 sub ruleset_add_chain_policy {
     my ($ruleset, $chain, $vmid, $policy, $loglevel, $accept_action) = @_;
 
-- 
1.7.10.4


