X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2FPVE%2FFirewall.pm;h=0e15090f3d7940c680fcc5aa8a6744d04d54f0e7;hp=41f48d638b4569aa379cbfb89c5ffb4bd0c2faa7;hb=a44539a351b71b24bb4074949aab52bb59d56e80;hpb=defdf28e9984cf2b19b50ea9f6a263bd5a365e43

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 41f48d6..0e15090 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -214,7 +214,10 @@ my $pve_fw_macros = {
     ],
     'Ceph' => [
         "Ceph Storage Cluster traffic (Ceph Monitors, OSD & MDS Deamons)",
+	# Legacy port for protocol v1
         { action => 'PARAM', proto => 'tcp', dport => '6789' },
+	# New port for protocol v2
+        { action => 'PARAM', proto => 'tcp', dport => '3300' },
         { action => 'PARAM', proto => 'tcp', dport => '6800:7300' },
     ],
     'CVS' => [
@@ -1748,25 +1751,25 @@ sub enable_bridge_firewall {
 sub iptables_restore_cmdlist {
     my ($cmdlist) = @_;
 
-    run_command("/sbin/iptables-restore -n", input => $cmdlist, errmsg => "iptables_restore_cmdlist");
+    run_command(['iptables-restore', '-n'], input => $cmdlist, errmsg => "iptables_restore_cmdlist");
 }
 
 sub ip6tables_restore_cmdlist {
     my ($cmdlist) = @_;
 
-    run_command("/sbin/ip6tables-restore -n", input => $cmdlist, errmsg => "iptables_restore_cmdlist");
+    run_command(['ip6tables-restore', '-n'], input => $cmdlist, errmsg => "iptables_restore_cmdlist");
 }
 
 sub ipset_restore_cmdlist {
     my ($cmdlist) = @_;
 
-    run_command("/sbin/ipset restore", input => $cmdlist, errmsg => "ipset_restore_cmdlist");
+    run_command(['ipset', 'restore'], input => $cmdlist, errmsg => "ipset_restore_cmdlist");
 }
 
 sub ebtables_restore_cmdlist {
     my ($cmdlist) = @_;
 
-    run_command("/sbin/ebtables-restore", input => $cmdlist, errmsg => "ebtables_restore_cmdlist");
+    run_command(['ebtables-restore'], input => $cmdlist, errmsg => "ebtables_restore_cmdlist");
 }
 
 sub iptables_get_chains {
@@ -1825,7 +1828,7 @@ sub iptables_get_chains {
 	}
     };
 
-    run_command("/sbin/$iptablescmd-save", outfunc => $parser);
+    run_command(["$iptablescmd-save"], outfunc => $parser);
 
     return wantarray ? ($res, $hooks) : $res;
 }
@@ -1869,7 +1872,7 @@ sub ipset_get_chains {
 	}
     };
 
-    run_command("/sbin/ipset save", outfunc => $parser);
+    run_command(['ipset', 'save'], outfunc => $parser);
 
     # compute digest for each chain
     foreach my $chain (keys %$chains) {
@@ -1900,7 +1903,7 @@ sub ebtables_get_chains {
 	}
     };
 
-    run_command("/sbin/ebtables-save", outfunc => $parser);
+    run_command(['ebtables-save'], outfunc => $parser);
     # compute digest for each chain and store rules as well
     foreach my $chain (keys %$chains) {
 	$res->{$chain}->{rules} = $chains->{$chain};
@@ -4259,7 +4262,7 @@ sub update_nf_conntrack_logging {
 	my $tmpfile = "$pve_fw_status_dir/log_nf_conntrack";
 	PVE::Tools::file_set_contents($tmpfile, $value);
 
-	PVE::Tools::run_command([qw(systemctl try-reload-or-restart pvefw-logger.service)]);
+	run_command([qw(systemctl try-reload-or-restart pvefw-logger.service)]);
 	$log_nf_conntrack_enabled = $value;
     }
 }