X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2FPVE%2FFirewall.pm;h=4821759487b89bfbbf83e2fff9d8e2f7d69bfc4b;hp=95e00bddc55f9f972c49511f6631f64ad8169312;hb=2dc0a26e26f70914fe33cd555507a48790796c52;hpb=180da76c1e2cabea4e737fe2320f877c38c6d268

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 95e00bd..4821759 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2050,7 +2050,7 @@ sub ruleset_generate_action {
 }
 
 sub ruleset_generate_rule {
-    my ($ruleset, $chain, $ipversion, $rule, $actions, $goto, $cluster_conf, $fw_conf) = @_;
+    my ($ruleset, $chain, $ipversion, $rule, $cluster_conf, $fw_conf) = @_;
 
     my $rules;
 
@@ -2294,12 +2294,10 @@ sub ruleset_generate_vm_rules {
 	    eval {
 		if ($direction eq 'OUT') {
 		    rule_substitude_action($rule, { ACCEPT => "PVEFW-SET-ACCEPT-MARK", REJECT => "PVEFW-reject" });
-		    ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, undef,
-					  undef, $cluster_conf, $vmfw_conf);
+		    ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, $cluster_conf, $vmfw_conf);
 		} else {
 		    rule_substitude_action($rule, { ACCEPT => $in_accept , REJECT => "PVEFW-reject" });
-		    ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, undef,
-					  undef, $cluster_conf, $vmfw_conf);
+		    ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, $cluster_conf, $vmfw_conf);
 		}
 	    };
 	    warn $@ if $@;
@@ -2428,8 +2426,7 @@ sub enable_host_firewall {
 		ruleset_add_group_rule($ruleset, $cluster_conf, $chain, $rule, 'IN', $accept_action, $ipversion);
 	    } elsif ($rule->{type} eq 'in') {
 		rule_substitude_action($rule, { ACCEPT => $accept_action, REJECT => "PVEFW-reject" });
-		ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, undef,
-				      undef, $cluster_conf, $hostfw_conf);
+		ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, $cluster_conf, $hostfw_conf);
 	    }
 	};
 	warn $@ if $@;
@@ -2485,8 +2482,7 @@ sub enable_host_firewall {
 		ruleset_add_group_rule($ruleset, $cluster_conf, $chain, $rule, 'OUT', $accept_action, $ipversion);
 	    } elsif ($rule->{type} eq 'out') {
 		rule_substitude_action($rule, { ACCEPT => $accept_action, REJECT => "PVEFW-reject" });
-		ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, undef,
-				      undef, $cluster_conf, $hostfw_conf);
+		ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, $cluster_conf, $hostfw_conf);
 	    }
 	};
 	warn $@ if $@;
@@ -2532,7 +2528,7 @@ sub generate_group_rules {
 	next if $rule->{type} ne 'in';
 	next if $rule->{ipversion} && $rule->{ipversion} ne $ipversion;
 	rule_substitude_action($rule, { ACCEPT => "PVEFW-SET-ACCEPT-MARK", REJECT => "PVEFW-reject" });
-	ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, undef, undef, $cluster_conf);
+	ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, $cluster_conf);
     }
 
     $chain = "GROUP-${group}-OUT";
@@ -2546,8 +2542,7 @@ sub generate_group_rules {
 	# we use PVEFW-SET-ACCEPT-MARK (Instead of ACCEPT) because we need to
 	# check also other tap rules later
 	rule_substitude_action($rule, { ACCEPT => 'PVEFW-SET-ACCEPT-MARK', REJECT => "PVEFW-reject" });
-	ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, undef,
-			      undef, $cluster_conf);
+	ruleset_generate_rule($ruleset, $chain, $ipversion, $rule, $cluster_conf);
     }
 }