- my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset);
- my (undef, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset);
-
- $res->{changes} = ($ipset_changes || $ruleset_changes) ? 1 : 0;
+ my $verbose = 1; # show syntax errors
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf(undef, $verbose);
+ $res->{enable} = $cluster_conf->{options}->{enable} ? 1 : 0;
+
+ if ($status eq 'running') {
+
+ my ($ruleset, $ipset_ruleset, $rulesetv6) = PVE::Firewall::compile($cluster_conf, undef, undef, $verbose);
+
+ $verbose = 0; # do not show iptables details
+ my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, $verbose);
+ my ($test, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset, $verbose);
+ my (undef, $ruleset_changesv6) = PVE::Firewall::get_ruleset_cmdlist($rulesetv6, $verbose, "ip6tables");
+
+ $res->{changes} = ($ipset_changes || $ruleset_changes || $ruleset_changesv6) ? 1 : 0;