X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2FPVE%2FFirewall.pm;h=9b24b5cefd0ccb21b7e62e954553099876137433;hp=ea2abe27660de47c66f41dfc57b7e697c26a1db6;hb=ac633d3003e1b2c6caad2a2e63d1c8421aec1a29;hpb=dd009ced9c1831b58701c2a6924dbfef021a4930;ds=sidebyside
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index ea2abe2..9b24b5c 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -705,11 +705,14 @@ my $ipv4_mask_hash_clusternet = {
 '255.255.255.252' => 30,
 };
 
-my $cluster_network;
+my $__cluster_network;
 
-sub get_cluster_network {
+sub cluster_network {
+ my ($new_value) = @_;
 
- return $cluster_network if defined($cluster_network);
+ $__cluster_network = $new_value if defined($new_value);
+
+ return $__cluster_network if defined($__cluster_network);
 
 eval {
 my $nodename = PVE::INotify::nodename();
@@ -726,14 +729,14 @@ sub get_cluster_network {
 my $cidr = "$entry->{dest}/$mask";
 my $testnet = Net::IP->new($cidr);
 if ($testnet->overlaps($testip)) {
- $cluster_network = $cidr;
+ $__cluster_network = $cidr;
 return;
 }
 }
 };
 warn $@ if $@;
 
- return $cluster_network;
+ return $__cluster_network;
 }
 
 sub parse_address_list {
@@ -1699,7 +1702,7 @@ sub enable_host_firewall {
 delete $rule->{iface_in};
 }
 
- my $clusternet = get_cluster_network();
+ my $clusternet = cluster_network();
 
 # allow standard traffic on cluster network
 if ($clusternet) {
@@ -1709,7 +1712,7 @@ sub enable_host_firewall {
 ruleset_addrule($ruleset, $chain, "-s $clusternet -p tcp --dport 22 -j $accept_action"); # SSH
 
 # corosync
- my $corosync_rule = "-p udp -m conntrack --ctstate NEW --dport 5404:5405 -j $accept_action"
+ my $corosync_rule = "-p udp -m conntrack --ctstate NEW --dport 5404:5405 -j $accept_action";
 ruleset_addrule($ruleset, $chain, "-s $clusternet -d $clusternet $corosync_rule");
 ruleset_addrule($ruleset, $chain, "-s $clusternet -m addrtype --dst-type MULTICAST $corosync_rule");
 }
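Review bot: The new setter path at the top of `cluster_network()` stores any defined `$new_value` without checking it, and the `enable_host_firewall` hunks show the cached value interpolated directly into iptables rule strings (`-s $clusternet ...`) that accept SSH and corosync traffic. Since the file already uses Net::IP, the assignment could be guarded with `die "invalid cluster network '$new_value'\n" if !Net::IP->new($new_value);` placed before `$__cluster_network = $new_value`. Because an undef argument is ignored, an override cannot be cleared once set, so auto-detection never runs again in that process. Who calls the setter is not visible here, so a comment above the sub such as `# get/set the cached cluster network (CIDR); a defined argument overrides route-based detection` would document the intent. The sub's body continues outside this hunk.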