[pve-devel] [PATCH firewall] ebtables: sort guest chains during rule creation

Stoiko Ivanov s.ivanov at proxmox.com
Thu Jun 28 14:41:56 CEST 2018


Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---

* reported via forum:
https://forum.proxmox.com/threads/pve-firewall-keeps-rebuilding-due-to-changing-host-sort-order-code-changes-attached.44727/
* the problem occurs if you have more than 1 guest running
* this patch seems to fix it for me

src/PVE/Firewall.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index b85e2da..fefe42a 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -3672,7 +3672,7 @@ sub compile_ebtables_filter {
     ruleset_addrule($ruleset, 'PVEFW-FORWARD', '-o fwln+', '-j PVEFW-FWBR-OUT');
 
     # generate firewall rules for QEMU VMs
-    foreach my $vmid (keys %{$vmdata->{qemu}}) {
+    foreach my $vmid (sort keys %{$vmdata->{qemu}}) {
 	eval {
 	    my $conf = $vmdata->{qemu}->{$vmid};
 	    my $vmfw_conf = $vmfw_configs->{$vmid};
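Review bot: the bare `sort keys` on the qemu `foreach` line compares the VMIDs as strings, so they come out as 100, 1000, 101 rather than in numeric order. That is still deterministic, which is what a stable ruleset needs, but since VMIDs are numeric, `sort { $a <=> $b } keys %{$vmdata->{qemu}}` would give a chain order that is easier to follow when reading the generated ebtables rules.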
@@ -3693,7 +3693,7 @@ sub compile_ebtables_filter {
     }
 
     # generate firewall rules for LXC containers
-    foreach my $vmid (keys %{$vmdata->{lxc}}) {
+    foreach my $vmid (sort keys %{$vmdata->{lxc}}) {
 	eval {
 	    my $conf = $vmdata->{lxc}->{$vmid};
 
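Review bot: the lxc `foreach` gets the same bare `sort keys`, and neither loop carries a comment saying that the iteration order matters. A short comment above each loop, stating that the guest chain order must be stable between compile runs, would keep a later cleanup from dropping the sort. The rationale also sits only below the `---` line, so it will not reach the commit message; moving the forum link and the "more than 1 guest" condition into the message body would preserve it. It is also worth confirming that nothing inside the `eval` bodies iterates hash keys unsorted, since only the outer loops are visible here.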
-- 
2.11.0




