}
sub ruleset_generate_rule {
- my ($ruleset, $chain, $ipversion, $rule, $actions, $goto, $cluster_conf, $fw_conf) = @_;
+ my ($ruleset, $chain, $ipversion, $rule, $cluster_conf, $fw_conf) = @_;
my $rules;
eval {
if ($direction eq 'OUT') {
rule_substitude_action($rule, { ACCEPT => "PVEFW-SET-ACCEPT-MARK", REJECT => "PVEFW-reject" });
- ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, undef,
- undef, $cluster_conf, $vmfw_conf);
+ ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, $cluster_conf, $vmfw_conf);
} else {
rule_substitude_action($rule, { ACCEPT => $in_accept , REJECT => "PVEFW-reject" });
- ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, undef,
- undef, $cluster_conf, $vmfw_conf);
+ ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, $cluster_conf, $vmfw_conf);
}
};
warn $@ if $@;
ruleset_add_group_rule($ruleset, $cluster_conf, $chain, $rule, 'IN', $accept_action, $ipversion);
} elsif ($rule->{type} eq 'in') {
rule_substitude_action($rule, { ACCEPT => $accept_action, REJECT => "PVEFW-reject" });
- ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, undef,
- undef, $cluster_conf, $hostfw_conf);
+ ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, $cluster_conf, $hostfw_conf);
}
};
warn $@ if $@;
ruleset_add_group_rule($ruleset, $cluster_conf, $chain, $rule, 'OUT', $accept_action, $ipversion);
} elsif ($rule->{type} eq 'out') {
rule_substitude_action($rule, { ACCEPT => $accept_action, REJECT => "PVEFW-reject" });
- ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, undef,
- undef, $cluster_conf, $hostfw_conf);
+ ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, $cluster_conf, $hostfw_conf);
}
};
warn $@ if $@;
next if $rule->{type} ne 'in';
next if $rule->{ipversion} && $rule->{ipversion} ne $ipversion;
rule_substitude_action($rule, { ACCEPT => "PVEFW-SET-ACCEPT-MARK", REJECT => "PVEFW-reject" });
- ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, undef, undef, $cluster_conf);
+ ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, $cluster_conf);
}
$chain = "GROUP-${group}-OUT";
# we use PVEFW-SET-ACCEPT-MARK (Instead of ACCEPT) because we need to
# check also other tap rules later
rule_substitude_action($rule, { ACCEPT => 'PVEFW-SET-ACCEPT-MARK', REJECT => "PVEFW-reject" });
- ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, undef,
- undef, $cluster_conf);
+ ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, $cluster_conf);
}
}