X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2FPVE%2FService%2Fpve_firewall.pm;h=d8e42ec6cf3f9d1f341a6604f7f6e6434f19c1b1;hp=9f712e0d16a856b4c4b3c1ff2e0e801b6db7a8ad;hb=40af93c4067341115877fc082a900be215122f0a;hpb=0c32b7fbac4fa47a15724db1a3d9f7602ac14569
diff --git a/src/PVE/Service/pve_firewall.pm b/src/PVE/Service/pve_firewall.pm
index 9f712e0..d8e42ec 100755
--- a/src/PVE/Service/pve_firewall.pm
+++ b/src/PVE/Service/pve_firewall.pm
@@ -158,20 +158,22 @@ __PACKAGE__->register_method ({
 my $res = { status => $status };
- my $verbose = 1; # show syntax errors
- my $cluster_conf = PVE::Firewall::load_clusterfw_conf(undef, $verbose);
+ PVE::Firewall::set_verbose(1); # show syntax errors
+
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf(undef);
 $res->{enable} = $cluster_conf->{options}->{enable} ? 1 : 0;
 if ($status eq 'running') {
- my ($ruleset, $ipset_ruleset, $rulesetv6) = PVE::Firewall::compile($cluster_conf, undef, undef, $verbose);
+ my ($ruleset, $ipset_ruleset, $rulesetv6, $ebtables_ruleset) = PVE::Firewall::compile($cluster_conf, undef, undef);
- $verbose = 0; # do not show iptables details
- my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, $verbose);
- my ($test, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset, $verbose);
- my (undef, $ruleset_changesv6) = PVE::Firewall::get_ruleset_cmdlist($rulesetv6, $verbose, "ip6tables");
+ PVE::Firewall::set_verbose(0); # do not show iptables details
+ my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset);
+ my ($test, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset);
+ my (undef, $ruleset_changesv6) = PVE::Firewall::get_ruleset_cmdlist($rulesetv6, "ip6tables");
+ my (undef, $ebtables_changes) = PVE::Firewall::get_ebtables_cmdlist($ebtables_ruleset);
- $res->{changes} = ($ipset_changes || $ruleset_changes || $ruleset_changesv6) ? 1 : 0;
+ $res->{changes} = ($ipset_changes || $ruleset_changes || $ruleset_changesv6 || $ebtables_changes) ? 1 : 0;
 }
 return $res;
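Review bot: `PVE::Firewall::set_verbose(0)` inside the `if ($status eq 'running')` block is the only place the flag is lowered, so a `status` call against a stopped daemon leaves the now package-wide verbosity at 1 past `return $res;` — harmless for a one-shot CLI run, but unlike the removed lexical `$verbose` this state is presumably inherited by every later `compile`/`get_*_cmdlist` caller in the same process. Moving `PVE::Firewall::set_verbose(0);` out of the block, directly before `return $res;`, restores the old per-call scoping regardless of daemon state. Separately, `$test` on the new `my ($test, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset);` is never read; `my (undef, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset);` matches the sibling calls. The enclosing method body starts before this hunk.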
@@ -198,21 +200,24 @@ __PACKAGE__->register_method ({
 my $code = sub {
- my $verbose = 1;
+ PVE::Firewall::set_verbose(1);
- my $cluster_conf = PVE::Firewall::load_clusterfw_conf(undef, $verbose);
- my ($ruleset, $ipset_ruleset, $rulesetv6) = PVE::Firewall::compile($cluster_conf, undef, undef, $verbose);
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf(undef);
+ my ($ruleset, $ipset_ruleset, $rulesetv6, $ebtables_ruleset) = PVE::Firewall::compile($cluster_conf, undef, undef);
 print "ipset cmdlist:\n";
- my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, $verbose);
+ my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset);
 print "\niptables cmdlist:\n";
- my (undef, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset, $verbose);
+ my (undef, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset);
 print "\nip6tables cmdlist:\n";
- my (undef, $ruleset_changesv6) = PVE::Firewall::get_ruleset_cmdlist($rulesetv6, $verbose, "ip6tables");
+ my (undef, $ruleset_changesv6) = PVE::Firewall::get_ruleset_cmdlist($rulesetv6, "ip6tables");
+
+ print "\nebtables cmdlist:\n";
+ my (undef, $ebtables_changes) = PVE::Firewall::get_ebtables_cmdlist($ebtables_ruleset);
- if ($ipset_changes || $ruleset_changes || $ruleset_changesv6) {
+ if ($ipset_changes || $ruleset_changes || $ruleset_changesv6 || $ebtables_changes) {
 print "detected changes\n";
 } else {
 print "no changes\n";
@@ -329,9 +334,11 @@ __PACKAGE__->register_method ({
 local $SIG{'__WARN__'} = 'DEFAULT'; # do not fill up syslog
- my ($ruleset, $ipset_ruleset, $rulesetv6) = PVE::Firewall::compile(undef, undef, undef, $param->{verbose});
+ PVE::Firewall::set_verbose($param->{verbose});
+
+ my ($ruleset, $ipset_ruleset, $rulesetv6, $ebtables_ruleset) = PVE::Firewall::compile();
- PVE::FirewallSimulator::debug($param->{verbose} || 0);
+ PVE::FirewallSimulator::debug();
 my $host_ip = PVE::Cluster::remote_node_ip($nodename);
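Review bot: In the simulator hunk, `PVE::Firewall::set_verbose($param->{verbose})` hands over the raw optional parameter, which is undef when `--verbose` is not given, whereas the removed `debug($param->{verbose} || 0)` normalised it to 0; if `set_verbose` stores the value unchanged, a later numeric or boolean test of the flag can raise "uninitialized value" warnings, and `local $SIG{'__WARN__'} = 'DEFAULT'` two lines above routes those to stderr rather than syslog. Keeping the old normalisation is a one-token change: `PVE::Firewall::set_verbose($param->{verbose} || 0);`. `PVE::FirewallSimulator::debug()` is now argument-less, so it presumably reads the same package-level flag; a short comment such as `# simulator debug output follows the PVE::Firewall verbosity set above` would make that coupling explicit. The enclosing method body continues outside this hunk.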
@@ -395,19 +402,3 @@ our $cmddef = {
 };
 1;
-
-__END__
-
-=head1 NAME
-
-pve-firewall - PVE Firewall Daemon
-
-=head1 SYNOPSIS
-
-=include synopsis
-
-=head1 DESCRIPTION
-
-This service updates iptables rules periodically.
-
-=include pve_copyright