X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2FPVE%2FFirewall.pm;h=003dde67c7acbb2542e5ae1a3c8539aff5426e6d;hp=1d88891c81ea47d77b403e8b46e99aa782e09951;hb=edb75ba9dfab214380fd9eb31f9baaead5049e5e;hpb=38485daa337acdb3e185be2dd2a7578b5d74827f

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 1d88891..003dde6 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1831,10 +1831,12 @@ sub get_rulset_cmdlist {
 }
 
 sub apply_ruleset {
-    my ($ruleset, $verbose) = @_;
+    my ($ruleset, $hostfw_conf, $verbose) = @_;
 
     enable_bridge_firewall();
 
+    update_nf_conntrack_max($hostfw_conf);
+
     my $cmdlist = get_rulset_cmdlist($ruleset, $verbose);
 
     print $cmdlist if $verbose;
@@ -1888,13 +1890,11 @@ sub update {
 
 	my ($ruleset, $hostfw_conf) = PVE::Firewall::compile();
 
-	update_nf_conntrack_max($hostfw_conf);
-
 	if ($start || $status eq 'active') {
 
 	    save_pvefw_status('active')	if ($status ne 'active');
 
-	    PVE::Firewall::apply_ruleset($ruleset, $verbose);
+	    apply_ruleset($ruleset, $hostfw_conf, $verbose);
 	} else {
 	    print "Firewall not active (status = $status)\n" if $verbose;
 	}