[pve-devel] [PATCH v2 pve-firewall 0/5] improve update
Alexandre Derumier
aderumier at odiso.com
Mon Jan 14 10:15:58 CET 2019
This patch improve firewall update.
We want to be sure that an update of a config file don't happen
when update is running or pmxcfs is reloaded when firewall update is running.
Changelog v2:
- use noerr in PVE::Cluster::check_cfs_is_mounted
- split read_config from compile
- on update, read all configs twice at 1second interval, and compare values
to be sure of consistency
Alexandre Derumier (5):
don't update if /etc/pve is not mounted
remove_pvefw_chains_iptables : don't commit if rules are already
removed.
add syslog on pvefw chains removal
split read_configuration from compile sub
update: read config twice at 1second interval
debian/control | 1 +
src/PVE/Firewall.pm | 39 ++++++++++++++++++++++++++++++++-------
src/PVE/Service/pve_firewall.pm | 10 ++++++----
src/pvefw-logger.c | 6 ++++--
test/fwtester.pl | 3 ++-
5 files changed, 45 insertions(+), 14 deletions(-)
--
2.11.0
More information about the pve-devel
mailing list