if ($status eq 'running') {
- my ($ruleset, $ipset_ruleset) = PVE::Firewall::compile($cluster_conf, undef, undef, $verbose);
+ my ($ruleset, $ipset_ruleset, $rulesetv6) = PVE::Firewall::compile($cluster_conf, undef, undef, $verbose);
$verbose = 0; # do not show iptables details
my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, $verbose);
my ($test, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset, $verbose);
-
- $res->{changes} = ($ipset_changes || $ruleset_changes) ? 1 : 0;
+ my (undef, $ruleset_changesv6) = PVE::Firewall::get_ruleset_cmdlist($rulesetv6, $verbose, "ip6tables");
+
+ $res->{changes} = ($ipset_changes || $ruleset_changes || $ruleset_changesv6) ? 1 : 0;
}
return $res;
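Review bot: The combined check `($ipset_changes || $ruleset_changes || $ruleset_changesv6)` and the three cmdlist calls feeding it are written out twice, once here for `$res->{changes}` and again in the compile command's hunk below. This flag is what tells an operator whether the live filter state still matches the configuration, so the two copies should not be able to drift apart. A small private helper that takes `$ruleset`, `$ipset_ruleset`, `$rulesetv6` and `$verbose` and returns the combined flag would keep both callers in step if another table is added later. The compile command could keep its section headings by printing them from the helper when `$verbose` is set. The enclosing sub starts and ends outside this hunk, so existing helpers of this kind may simply not be visible here.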
my $verbose = 1;
my $cluster_conf = PVE::Firewall::load_clusterfw_conf(undef, $verbose);
- my ($ruleset, $ipset_ruleset) = PVE::Firewall::compile($cluster_conf, undef, undef, $verbose);
+ my ($ruleset, $ipset_ruleset, $rulesetv6) = PVE::Firewall::compile($cluster_conf, undef, undef, $verbose);
+ print "ipset cmdlist:\n";
my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, $verbose);
+
+ print "\niptables cmdlist:\n";
my (undef, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset, $verbose);
- if ($ipset_changes || $ruleset_changes) {
+ print "\nip6tables cmdlist:\n";
+ my (undef, $ruleset_changesv6) = PVE::Firewall::get_ruleset_cmdlist($rulesetv6, $verbose, "ip6tables");
+
+ if ($ipset_changes || $ruleset_changes || $ruleset_changesv6) {
print "detected changes\n";
} else {
print "no changes\n";
local $SIG{'__WARN__'} = 'DEFAULT'; # do not fill up syslog
- my ($ruleset, $ipset_ruleset) = PVE::Firewall::compile(undef, undef, undef, $param->{verbose});
+ my ($ruleset, $ipset_ruleset, $rulesetv6) = PVE::Firewall::compile(undef, undef, undef, $param->{verbose});
PVE::FirewallSimulator::debug($param->{verbose} || 0);
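Review bot: `$rulesetv6` is bound on the new compile() line but nothing in the visible lines uses it, which suggests the simulator is still evaluated against the IPv4 `$ruleset` only. If so, a simulation result says nothing about how IPv6 traffic would be filtered, and someone validating a policy here could read a pass as covering both families. Either skip the binding until the simulator handles IPv6, or keep it and state the limit next to it, e.g. `# NOTE: simulation covers the IPv4 ruleset only; $rulesetv6 is not evaluated yet`. The rest of the sub is outside the hunk, so this should be checked against the code that follows.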