apply ebtables_ruleset

[pve-firewall.git] / src / PVE / Service / pve_firewall.pm

diff --git a/src/PVE/Service/pve_firewall.pm b/src/PVE/Service/pve_firewall.pm
index a9a343527b618cd73442962e1422e015fc174c17..5a0dd04ad07aaef17350d2a137abf0f27e4d355b 100755 (executable)
--- a/src/PVE/Service/pve_firewall.pm
+++ b/src/PVE/Service/pve_firewall.pm
@@ -170,8 +170,9 @@ __PACKAGE__->register_method ({
                my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, $verbose);
                my ($test, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset, $verbose);
                my (undef, $ruleset_changesv6) = PVE::Firewall::get_ruleset_cmdlist($rulesetv6, $verbose, "ip6tables");
++              my (undef, $ebtables_changes) = PVE::Firewall::get_ebtables_cmdlist($ebtables_ruleset, $verbose);
 
-               $res->{changes} = ($ipset_changes || $ruleset_changes || $ruleset_changesv6) ? 1 : 0;
+               $res->{changes} = ($ipset_changes || $ruleset_changes || $ruleset_changesv6 || $ebtables_changes) ? 1 : 0;
            }
 
            return $res;
@@ -212,7 +213,10 @@ __PACKAGE__->register_method ({
            print "\nip6tables cmdlist:\n";
            my (undef, $ruleset_changesv6) = PVE::Firewall::get_ruleset_cmdlist($rulesetv6, $verbose, "ip6tables");
 
-           if ($ipset_changes || $ruleset_changes || $ruleset_changesv6) {
+           print "\nebtables cmdlist:\n";
+           my (undef, $ebtables_changes) = PVE::Firewall::get_ebtables_cmdlist($ebtables_ruleset, $verbose);
+
+           if ($ipset_changes || $ruleset_changes || $ruleset_changesv6 || $ebtables_changes) {
                print "detected changes\n";
            } else {
                print "no changes\n";