[pve-devel] [PATCH] add -full option to pve-firewall compile v2

Alexandre DERUMIER aderumier at odiso.com
Wed Jun 18 17:50:12 CEST 2014


>>Oh, I think compile should not touch actual firewall settings, so simply
>>calling apply_ruleset() is not good.

We can call iptables-restore -t,

but for ipset restore we need to apply them, if the iptables rules need them.


----- Original Message -----

From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre Derumier" <aderumier at odiso.com>, pve-devel at pve.proxmox.com
Sent: Wednesday 18 June 2014 17:32:12
Subject: RE: [pve-devel] [PATCH] add -full option to pve-firewall compile v2

> + if ( $param->{full}){ 
> + my $hostfw_conf = PVE::Firewall::load_hostfw_conf(); 
> + PVE::Firewall::apply_ruleset($ruleset, $hostfw_conf, 
> $ipset_ruleset, 1); 
> + } 
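
Review bot: The apply_ruleset() call in the $param->{full} branch passes a bare 1 as its fourth argument, and nothing in the hunk says what that flag selects. A named variable or a one-line comment would make the intent reviewable. Because the call sits inside a compile command, the option's description should also state whether -full changes anything on the host, or the branch should go through a check-only path so that compile stays free of side effects. Minor style point: the spacing in "if ( $param->{full}){" is inconsistent; "if ($param->{full}) {" reads better.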

Oh, I think compile should not touch actual firewall settings, so simply 
calling apply_ruleset() is not good. 


