]> git.proxmox.com Git - pve-firewall.git/blobdiff - src/pve-firewall
projects / pve-firewall.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
save restore commands into files (debug help)
[pve-firewall.git] / src / pve-firewall
diff --git a/src/pve-firewall b/src/pve-firewall
index f02b76066924e025026704ebda8052631cf2c146..f2ccd307369ebfa4dcfa08d7b389813b3cef4b92 100755 (executable)
--- a/src/pve-firewall
+++ b/src/pve-firewall
@@ -49,6 +49,8 @@ my $commandline = [$0, @ARGV];
 
 $0 = "pve-firewall";
 
+mkdir "/var/lib/pve-firewall";
+
 sub restart_server {
     my ($waittime) = @_;
 
@@ -349,8 +351,9 @@ __PACKAGE__->register_method ({
                $verbose = 0; # do not show iptables details
                my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, $verbose);
                my ($test, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset, $verbose);
-             
-               $res->{changes} = ($ipset_changes || $ruleset_changes) ? 1 : 0;
+               my (undef, $ruleset_changesv6) = PVE::Firewall::get_ruleset_cmdlist($rulesetv6, $verbose, "ip6tables");
+
+               $res->{changes} = ($ipset_changes || $ruleset_changes || $ruleset_changesv6) ? 1 : 0;
            }
 
            return $res;
@@ -382,10 +385,16 @@ __PACKAGE__->register_method ({
            my $cluster_conf = PVE::Firewall::load_clusterfw_conf(undef, $verbose); 
            my ($ruleset, $ipset_ruleset, $rulesetv6) = PVE::Firewall::compile($cluster_conf, undef, undef, $verbose);
 
+           print "ipset cmdlist:\n";
            my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, $verbose);
+
+           print "\niptables cmdlist:\n";
            my (undef, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset, $verbose);
 
-           if ($ipset_changes || $ruleset_changes) {
+           print "\nip6tables cmdlist:\n";
+           my (undef, $ruleset_changesv6) = PVE::Firewall::get_ruleset_cmdlist($rulesetv6, $verbose, "ip6tables");
+
+           if ($ipset_changes || $ruleset_changes || $ruleset_changesv6) {
                print "detected changes\n";
            } else {
                print "no changes\n";
Firewall test scripts