add standard rules after user rules

[pve-firewall.git] / src / pve-firewall

diff --git a/src/pve-firewall b/src/pve-firewall
index 7de7355e8140244d6a2ad1f33c0492307cae0f05..0c929794693d4e4be9373fcdb51cd7a6346cb6a7 100755 (executable)
--- a/src/pve-firewall
+++ b/src/pve-firewall
@@ -114,6 +114,10 @@ sub run_server {
 
     delete $ENV{RESTART_PVE_FIREWALL};
 
+    PVE::Cluster::cfs_update();
+    
+    PVE::Firewall::init();
+
     if (!$param->{debug}) {
        open STDIN,  '</dev/null' || die "can't read /dev/null";
        open STDOUT, '>/dev/null' || die "can't write /dev/null";
@@ -251,7 +255,7 @@ __PACKAGE__->register_method ({
     name => 'stop',
     path => 'stop',
     method => 'POST',
-    description => "Stop firewall. This will remove all rules installed by this script. The host is unprotected afterwards.",
+    description => "Stop firewall. This removes all Proxmox VE related iptable rules. The host is unprotected afterwards.",
     parameters => {
        additionalProperties => 0,
        properties => {},
@@ -342,7 +346,7 @@ __PACKAGE__->register_method ({
     name => 'compile',
     path => 'compile',
     method => 'POST',
-    description => "Compile amd print firewall rules. This is only for testing.",
+    description => "Compile and print firewall rules. This is useful for testing.",
     parameters => {
        additionalProperties => 0,
        properties => {},
@@ -397,16 +401,14 @@ __END__
 
 =head1 NAME
                                           
-pvestatd - PVE Firewall Daemon
+pve-firewall - PVE Firewall Daemon
 
 =head1 SYNOPSIS
 
-pve-firewall
+=include synopsis
 
 =head1 DESCRIPTION
 
 This service updates iptables rules periodically.
 
-
-
-
+=include pve_copyright