- ruleset_generate_rule($ruleset, $chain, $rule, { REJECT => "PVEFW-reject" });
+ my $accept = generate_nfqueue($options);
+ ruleset_generate_rule($ruleset, $chain, $rule, { ACCEPT => $accept , REJECT => "PVEFW-reject" });
+ }
+ }
+ }
+}
+
+sub generate_nfqueue {
+ my ($options) = @_;
+
+ my $action = "";
+ if($options->{ips}){
+ $action = "NFQUEUE";
+ if($options->{ips_queues} && $options->{ips_queues} =~ m/^(\d+)(:(\d+))?$/) {
+ if(defined($3) && defined($1)) {
+ $action .= " --queue-balance $1:$3";
+ }elsif (defined($1)) {
+ $action .= " --queue-num $1";