$hostfw_conf = load_hostfw_conf($cluster_conf, undef) if !$hostfw_conf;
# cfs_update is handled by daemon or API
- $corosync_conf = PVE::Cluster::cfs_read_file("corosync.conf") if !$corosync_conf;
+ $corosync_conf = PVE::Cluster::cfs_read_file("corosync.conf")
+ if !defined($corosync_conf) && PVE::Corosync::check_conf_exists(1);
$vmdata = read_local_vm_config();
$vmfw_configs = read_vm_firewall_configs($cluster_conf, $vmdata, undef);
PVE::Firewall::remove_pvefw_chains_iptables("iptables");
PVE::Firewall::remove_pvefw_chains_iptables("ip6tables");
PVE::Firewall::remove_pvefw_chains_ipset();
+ PVE::Firewall::remove_pvefw_chains_ebtables();
}
ipset_restore_cmdlist($cmdlist) if $cmdlist;
}
+sub remove_pvefw_chains_ebtables {
+ # apply empty ruleset = remove all our chains
+ ebtables_restore_cmdlist(get_ebtables_cmdlist({}));
+}
+
sub init {
my $cluster_conf = load_clusterfw_conf();
my $cluster_options = $cluster_conf->{options};