always use PVEFW-SET-ACCEPT-MARK for OUT chain

[pve-firewall.git] / pvefw

diff --git a/pvefw b/pvefw
index 9ba332dee5bc6ceb13fe206b9acb69f667eb74c3..30be559f1feb309e541b9191a0b79311f17342ce 100755 (executable)
--- a/pvefw
+++ b/pvefw
@@ -41,7 +41,6 @@ __PACKAGE__->register_method ({
                description => "Verbose output.",
                type => "boolean",
                optional => 1,
-               default => 0,
            },
        },
     },
@@ -50,6 +49,11 @@ __PACKAGE__->register_method ({
     code => sub {
        my ($param) = @_;
 
+       my $rpcenv = PVE::RPCEnvironment::get();
+
+       $param->{verbose} = 1 
+           if !defined($param->{verbose}) && ($rpcenv->{type} eq 'cli');
+
        my $code = sub {
            my $ruleset = PVE::Firewall::compile();
            PVE::Firewall::get_ruleset_status($ruleset, 1) if $param->{verbose};
@@ -82,7 +86,8 @@ __PACKAGE__->register_method ({
        my ($param) = @_;
 
        my $code = sub {
-           PVE::Firewall::compile_and_start($param->{verbose});
+           my $ruleset = PVE::Firewall::compile();
+           PVE::Firewall::apply_ruleset($ruleset, $param->{verbose});
        };
 
        PVE::Firewall::run_locked($code);
@@ -107,16 +112,16 @@ __PACKAGE__->register_method ({
        my $code = sub {
            my $chash = PVE::Firewall::iptables_get_chains();
            my $cmdlist = "*filter\n";
-           my $rule = "INPUT -j proxmoxfw-INPUT";
+           my $rule = "INPUT -j PVEFW-INPUT";
            if (PVE::Firewall::iptables_rule_exist($rule)) {
                $cmdlist .= "-D $rule\n";
            }
-           $rule = "OUTPUT -j proxmoxfw-OUTPUT";
+           $rule = "OUTPUT -j PVEFW-OUTPUT";
            if (PVE::Firewall::iptables_rule_exist($rule)) {
                $cmdlist .= "-D $rule\n";
            }
 
-           $rule = "FORWARD -j proxmoxfw-FORWARD";
+           $rule = "FORWARD -j PVEFW-FORWARD";
            if (PVE::Firewall::iptables_rule_exist($rule)) {
                $cmdlist .= "-D $rule\n";
            }