$rules = [ $rule ];
}
+ # update all or nothing
+
+ my @cmds = ();
foreach my $tmp (@$rules) {
if (my $cmdstr = ruleset_generate_cmdstr($ruleset, $chain, $tmp, $actions, $goto, $cluster_conf)) {
- ruleset_addrule($ruleset, $chain, $cmdstr);
+ push @cmds, $cmdstr;
}
}
+
+ foreach my $cmdstr (@cmds) {
+ ruleset_addrule($ruleset, $chain, $cmdstr);
+ }
}
sub ruleset_generate_rule_insert {
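Review bot: The `# update all or nothing` comment does not say what makes the update atomic, and the visible lines only partly deliver it. The guarantee holds if `ruleset_generate_cmdstr` dies on a bad rule, because the exception then leaves the first loop before any `ruleset_addrule` call; that function is not shown here, so this is an assumption to confirm. A false return is still skipped silently, so the other expansions of the same rule are added and the chain ends up with a partial rule. I would document the contract, e.g. `# generate every command first; a die in ruleset_generate_cmdstr must leave $chain untouched`, and decide whether a skipped expansion should abort the whole rule. The enclosing sub starts above the hunk.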
my $nethash = {};
foreach my $entry (@$options) {
my $cidr = $entry->{cidr};
- if ($cidr =~ m/^${ip_alias_pattern}$/){
- die "no such alias $cidr" if !$aliases->{$cidr};
- $entry->{cidr} = $aliases->{$cidr};
+ if ($cidr =~ m/^${ip_alias_pattern}$/) {
+ if ($aliases->{$cidr}) {
+ $entry->{cidr} = $aliases->{$cidr};
+ } else {
+ warn "no such alias '$cidr'\n" if !$aliases->{$cidr};
+ }
}
$nethash->{$entry->{cidr}} = $entry;
}
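Review bot: After the `warn` in the new `else` branch the loop still runs `$nethash->{$entry->{cidr}} = $entry;`, so an entry whose alias cannot be resolved is stored under the alias name rather than an address. What consumes `$nethash` is outside the hunk, but if the key later becomes a set member, a bare name would either fail that command or leave the set without the intended address, which for a set referenced by a deny rule is a silent gap. Consider skipping the entry instead: `warn "no such alias '$cidr'\n"; next;`. The trailing `if !$aliases->{$cidr}` is always true inside the `else` and can be dropped. The enclosing sub starts outside the hunk.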
enable_bridge_firewall();
- update_nf_conntrack_max($hostfw_conf);
-
- update_nf_conntrack_tcp_timeout_established($hostfw_conf);
-
my ($ipset_create_cmdlist, $ipset_delete_cmdlist, $ipset_changes) =
get_ipset_cmdlist($ipset_ruleset, undef, $verbose);
}
die "unable to apply firewall changes\n" if $errors;
+
+ update_nf_conntrack_max($hostfw_conf);
+
+ update_nf_conntrack_tcp_timeout_established($hostfw_conf);
+
}
sub update_nf_conntrack_max {