],
'Ceph' => [
"Ceph Storage Cluster traffic (Ceph Monitors, OSD & MDS Deamons)",
+ # Legacy port for protocol v1
{ action => 'PARAM', proto => 'tcp', dport => '6789' },
+ # New port for protocol v2
+ { action => 'PARAM', proto => 'tcp', dport => '3300' },
{ action => 'PARAM', proto => 'tcp', dport => '6800:7300' },
],
'CVS' => [
sub iptables_restore_cmdlist {
my ($cmdlist) = @_;
- run_command("/sbin/iptables-restore -n", input => $cmdlist, errmsg => "iptables_restore_cmdlist");
+ run_command(['iptables-restore', '-n'], input => $cmdlist, errmsg => "iptables_restore_cmdlist");
}
sub ip6tables_restore_cmdlist {
my ($cmdlist) = @_;
- run_command("/sbin/ip6tables-restore -n", input => $cmdlist, errmsg => "iptables_restore_cmdlist");
+ run_command(['ip6tables-restore', '-n'], input => $cmdlist, errmsg => "iptables_restore_cmdlist");
}
sub ipset_restore_cmdlist {
my ($cmdlist) = @_;
- run_command("/sbin/ipset restore", input => $cmdlist, errmsg => "ipset_restore_cmdlist");
+ run_command(['ipset', 'restore'], input => $cmdlist, errmsg => "ipset_restore_cmdlist");
}
sub ebtables_restore_cmdlist {
my ($cmdlist) = @_;
- run_command("/sbin/ebtables-restore", input => $cmdlist, errmsg => "ebtables_restore_cmdlist");
+ run_command(['ebtables-restore'], input => $cmdlist, errmsg => "ebtables_restore_cmdlist");
}
sub iptables_get_chains {
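Review bot: Dropping the `/sbin/` prefix in these four `run_command` calls means `iptables-restore`, `ip6tables-restore`, `ipset` and `ebtables-restore` are now resolved through the process's PATH, and nothing visible in the hunk sets or sanitizes PATH for code that presumably loads firewall rules with elevated privileges. The list form is a real improvement because no shell parses the command any more, but I would either keep absolute paths or add a comment saying where PATH is pinned, e.g. `# binaries are resolved via PATH; callers must run with a fixed, trusted PATH`. The same applies to the save calls further down (`["$iptablescmd-save"]`, `['ipset', 'save']`, `['ebtables-save']`). Separately, `ip6tables_restore_cmdlist` still passes `errmsg => "iptables_restore_cmdlist"`, so IPv6 restore failures are indistinguishable from IPv4 ones in the logs; `errmsg => "ip6tables_restore_cmdlist"` would fix that.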
}
};
- run_command("/sbin/$iptablescmd-save", outfunc => $parser);
+ run_command(["$iptablescmd-save"], outfunc => $parser);
return wantarray ? ($res, $hooks) : $res;
}
}
};
- run_command("/sbin/ipset save", outfunc => $parser);
+ run_command(['ipset', 'save'], outfunc => $parser);
# compute digest for each chain
foreach my $chain (keys %$chains) {
}
};
- run_command("/sbin/ebtables-save", outfunc => $parser);
+ run_command(['ebtables-save'], outfunc => $parser);
# compute digest for each chain and store rules as well
foreach my $chain (keys %$chains) {
$res->{$chain}->{rules} = $chains->{$chain};
foreach my $chain (sort keys %$statushash) {
my $stat = $statushash->{$chain};
- next if ($stat->{action} eq 'delete');
$changes = 1 if ($stat->{action} !~ 'ignore|exists');
+ next if ($stat->{action} eq 'delete');
foreach my $cmd (@{$statushash->{$chain}->{'rules'}}) {
if ($chain eq 'FORWARD' && $cmd eq $append_pve_to_forward) {
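Review bot: Nothing in the loop says that the order of the `$changes` test and the `next if ... 'delete'` line matters, so a later cleanup could easily swap them back and deleted chains would again stop counting as changes. A short comment above the test would record the intent: `# deletions count as changes, so test before skipping deleted chains`. While here, `!~ 'ignore|exists'` is an unanchored pattern that also matches any action string merely containing those words; `!~ m/^(?:ignore|exists)$/` states the intent exactly. The loop body continues outside the hunk.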
my $tmpfile = "$pve_fw_status_dir/log_nf_conntrack";
PVE::Tools::file_set_contents($tmpfile, $value);
- PVE::Tools::run_command([qw(systemctl try-reload-or-restart pvefw-logger.service)]);
+ run_command([qw(systemctl try-reload-or-restart pvefw-logger.service)]);
$log_nf_conntrack_enabled = $value;
}
}