run_command("/sbin/iptables $cmd", outfunc => sub {}, errfunc => sub {});
}
-sub iptables_restore {
-
- unshift (@ruleset, '*filter');
- push (@ruleset, 'COMMIT');
-
- my $cmdlist = join("\n", @ruleset) . "\n";
+sub iptables_restore_cmdlist {
+ my ($cmdlist) = @_;
my $verbose = 1; # fixme: how/when do we set this
}
}
+sub iptables_restore {
+
+ unshift (@ruleset, '*filter');
+ push (@ruleset, 'COMMIT');
+
+ my $cmdlist = join("\n", @ruleset) . "\n";
+
+ iptables_restore_cmdlist($cmdlist);
+}
+
# experimental code to read existing chains and compute SHA1 checksum
# for each chain.
sub iptables_get_chains {
return 1 if $name =~ m/^BRIDGEFW-(:?IN|OUT)$/;
return 1 if $name =~ m/^proxmoxfw-\S+$/;
return 1 if $name =~ m/^tap\d+i\d+-(:?IN|OUT)$/;
+ return 1 if $name =~ m/^vmbr\d+-(:?IN|OUT)$/;
return undef;
};
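Review bot: The group in the added `vmbr` pattern is written `(:?IN|OUT)`, which is a capturing group matching an optional colon followed by `IN` or `OUT`, not the non-capturing `(?:IN|OUT)` the code appears to intend (so `vmbr0-:IN` also matches); the same slip is already present in the BRIDGEFW and tap lines above it. Since this predicate decides which chains count as firewall-owned, and elsewhere in this change every chain returned by iptables_get_chains is flushed and deleted, the match should be as tight as possible: `return 1 if $name =~ m/^vmbr\d+-(?:IN|OUT)$/;`. The enclosing anonymous sub starts outside the hunk.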
my ($param) = @_;
my $code = sub {
- die "implement me";
+ my $chash = PVE::Firewall::iptables_get_chains();
+ my $cmdlist = "*filter\n";
+ $cmdlist .= "-D INPUT -j proxmoxfw-INPUT\n";
+ $cmdlist .= "-D FORWARD -j proxmoxfw-FORWARD\n";
+ foreach my $chain (keys %$chash) {
+ $cmdlist .= "-F $chain\n";
+ }
+ foreach my $chain (keys %$chash) {
+ $cmdlist .= "-X $chain\n";
+ }
+ $cmdlist .= "COMMIT\n";
+
+ PVE::Firewall::iptables_restore_cmdlist($cmdlist);
};
PVE::Firewall::run_locked($code);
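Review bot: The batch begins with `-D INPUT -j proxmoxfw-INPUT` and `-D FORWARD -j proxmoxfw-FORWARD` unconditionally; if either jump rule is absent (firewall never started, or stop run twice), the restore — presumably fed to iptables-restore by iptables_restore_cmdlist — rejects that line and, because the table is applied atomically, none of the following `-F`/`-X` lines take effect, leaving the chains in place. Emitting the two `-D` lines only when the corresponding rule currently exists, or issuing them as a separate best-effort step before the flush/delete batch, would make stop idempotent. The `-X` loop has the same failure mode for any chain in `$chash` that is still referenced from a chain outside it; presumably iptables_get_chains returns only firewall-owned chains, which is worth confirming. The enclosing handler continues past the hunk.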