maxLength => 20,
});
+PVE::JSONSchema::register_standard_option('pve-fw-loglevel' => {
+ description => "Log level.",
+ type => 'string',
+ enum => ['emerg', 'alert', 'crit', 'err', 'warning', 'notice', 'info', 'debug', 'nolog'],
+ optional => 1,
+});
+
my $security_group_pattern = '[A-Za-z][A-Za-z0-9\-\_]+';
PVE::JSONSchema::register_standard_option('pve-security-group-name', {
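Review bot: The description `"Log level."` on the new `pve-fw-loglevel` option leaves two things undocumented: what `nolog` does next to the eight syslog-style names, and what applies when this optional value is absent. Both decide whether dropped traffic leaves a log trail, so I would state them in the schema, for example `description => "Log level for firewall log rules; 'nolog' turns logging off.",` if that is what `nolog` means. Separately, this call writes `'pve-fw-loglevel' => {` while the neighbouring `pve-security-group-name` registration uses a plain comma after the name; using one form for both would read more consistently.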
push @cmd, "-m iprange --dst-range $dest";
} else {
- push @cmd, "-s $dest";
+ push @cmd, "-d $dest";
}
}
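Review bot: Nothing in this hunk shows `$dest` being checked before it is interpolated into the rule text, either in the corrected `-d $dest` line or in the `--dst-range $dest` line above it. The enclosing block starts outside the hunk, so validation may well happen earlier. If it does, a short comment here such as `# $dest was validated when the rule was parsed` would make that visible. A small regression check that a destination-only rule produces `-d` and never `-s` would also help, since the old line silently matched on source.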
# same as shorewall smurflog.
my $chain = 'PVEFW-smurflog';
+ $pve_std_chains->{$chain} = [];
push @{$pve_std_chains->{$chain}}, get_log_rule_base($chain, 0, "DROP: ", $loglevel) if $loglevel;
push @{$pve_std_chains->{$chain}}, "-j DROP";
# same as shorewall logflags action.
$loglevel = get_option_log_level($options, 'tcp_flags_log_level');
$chain = 'PVEFW-logflags';
+ $pve_std_chains->{$chain} = [];
+
# fixme: is this correctly logged by pvewf-logger? (ther is no --log-ip-options for NFLOG)
push @{$pve_std_chains->{$chain}}, get_log_rule_base($chain, 0, "DROP: ", $loglevel) if $loglevel;
push @{$pve_std_chains->{$chain}}, "-j DROP";
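Review bot: The two added resets, `$pve_std_chains->{$chain} = [];` for `PVEFW-smurflog` and for `PVEFW-logflags`, carry no comment saying why they are needed. Presumably `$pve_std_chains` outlives a single call, so the `push` lines would otherwise append the same log and DROP rules on every run. I would say so next to the first reset, e.g. `# start from an empty list: pushes below would otherwise accumulate across calls`. Any other chain in this function that is built with `push` (outside the hunk) would need the same reset. The `fixme` about NFLOG and `--log-ip-options` is still open after this change, so whether TCP-flag drops are logged with full detail remains unconfirmed and is worth tracking.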
my $routing_table = read_proc_net_route();
-
my $ipset_ruleset = {};
generate_ipset_chains($ipset_ruleset, $cluster_conf);
die "Firewall is disabled - cannot start\n" if !$enable && $start;
if (!$enable) {
- if ($status ne 'stopped') {
- print "trying to stop firewall (firewall is disabled)\n" if $verbose;
- PVE::Firewall::remove_pvefw_chains();
- PVE::Firewall::save_pvefw_status('stopped');
- }
+ PVE::Firewall::remove_pvefw_chains();
print "Firewall disabled\n" if $verbose;
return;
}
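Review bot: The disabled branch no longer records the stopped state, because `PVE::Firewall::save_pvefw_status('stopped')` was dropped together with the `$status` check. If anything still reads the saved status (not visible here), it may keep reporting the firewall as active after `remove_pvefw_chains()` has taken the rules out, which misleads an operator about whether the host is filtered. In that case I would keep `PVE::Firewall::save_pvefw_status('stopped');` right after the removal. The removal now also runs on every invocation while disabled, so add a comment on whether a failure inside `remove_pvefw_chains()` dies or is ignored, e.g. `# always remove: do not trust a stale status file`. The enclosing function starts and ends outside the hunk.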