X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2Fpvefw;h=f02b12acb33b5150f78746773be48b518a76063d;hp=4cc2fe28195aa435b828421caf09c5d0028fdb43;hb=4b96e87759bac374f695143f584f69c1855aa878;hpb=d1c53b3e0daad6891ad6a97b6e79d03d7e781a78
diff --git a/src/pvefw b/src/pvefw
index 4cc2fe2..f02b12a 100755
--- a/src/pvefw
+++ b/src/pvefw
@@ -60,8 +60,17 @@ __PACKAGE__->register_method ({
     if !defined($param->{verbose}) && ($rpcenv->{type} eq 'cli');
     my $code = sub {
-        my $ruleset = PVE::Firewall::compile();
-        PVE::Firewall::get_ruleset_status($ruleset, 1) if $param->{verbose};
+        my ($ruleset, $hostfw_conf, $ipset_ruleset) = PVE::Firewall::compile();
+
+        if ($param->{verbose}) {
+            my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, 1);
+            my (undef, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset, 1);
+            if ($ipset_changes || $ruleset_changes) {
+                print "detected changes\n";
+            } else {
+                print "no changes\n";
+            }
+        }
     };
     PVE::Firewall::run_locked($code);
@@ -106,12 +115,12 @@ __PACKAGE__->register_method ({
     my $res = { status => $status };
     if ($status eq 'active') {
-        my $ruleset = PVE::Firewall::compile();
-        my $cmdlist = PVE::Firewall::get_rulset_cmdlist($ruleset);
+        my ($ruleset, $hostfw_conf, $ipset_ruleset) = PVE::Firewall::compile();
-        if ($cmdlist ne "*filter\nCOMMIT\n") {
-            $res->{changes} = 1;
-        }
+        my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset);
+        my (undef, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset);
+        # fixme: ipset changes
+        $res->{changes} = ($ipset_changes || $ruleset_changes) ? 1 : 0;
     }
     return $res;
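Review bot: In the verbose branch of the compile handler (hunk at line 60), `$hostfw_conf` is bound from `PVE::Firewall::compile()` but never read, while the two helper calls right below already use `undef` placeholders for values they discard; for consistency and to make the intent obvious, `my ($ruleset, undef, $ipset_ruleset) = PVE::Firewall::compile();` — the same unused binding appears in the status handler (hunk at line 106). The trailing `1` passed to `get_ipset_cmdlist` and `get_ruleset_cmdlist` is presumably a verbose flag that makes the helpers print the differing rules themselves (the hunk only prints the summary line), so a comment such as `# second arg = verbose: helpers print the individual differences` would save the next reader a trip into PVE::Firewall — confirm against the helpers. The register_method body continues outside the hunk.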
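Review bot: The `# fixme: ipset changes` comment placed directly above `$res->{changes} = ($ipset_changes || $ruleset_changes) ? 1 : 0;` in the status handler (hunk at line 106) contradicts the line it annotates, which already folds the ipset result into `changes`; either drop the comment or state what is still missing, e.g. `# fixme: ipset change detection is best-effort — confirm get_ipset_cmdlist reports all differences`. Because `status` is what an operator uses to decide whether the live rules match the compiled configuration, a stale fixme here undermines trust in that answer. The register_method body continues outside the hunk.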
@@ -187,33 +196,7 @@ __PACKAGE__->register_method ({
     my ($param) = @_;
     my $code = sub {
-
-        my $chash = PVE::Firewall::iptables_get_chains();
-        my $cmdlist = "*filter\n";
-        my $rule = "INPUT -j PVEFW-INPUT";
-        if (PVE::Firewall::iptables_rule_exist($rule)) {
-            $cmdlist .= "-D $rule\n";
-        }
-        $rule = "OUTPUT -j PVEFW-OUTPUT";
-        if (PVE::Firewall::iptables_rule_exist($rule)) {
-            $cmdlist .= "-D $rule\n";
-        }
-
-        $rule = "FORWARD -j PVEFW-FORWARD";
-        if (PVE::Firewall::iptables_rule_exist($rule)) {
-            $cmdlist .= "-D $rule\n";
-        }
-
-        foreach my $chain (keys %$chash) {
-            $cmdlist .= "-F $chain\n";
-        }
-        foreach my $chain (keys %$chash) {
-            $cmdlist .= "-X $chain\n";
-        }
-        $cmdlist .= "COMMIT\n";
-
-        PVE::Firewall::iptables_restore_cmdlist($cmdlist);
-
+        PVE::Firewall::remove_pvefw_chains();
         PVE::Firewall::save_pvefw_status('stopped');
     };
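Review bot: The stop handler now delegates iptables teardown to `PVE::Firewall::remove_pvefw_chains()`, but nothing in this hunk tears down the ipsets that the compile and status handlers (hunks at lines 60 and 106) now manage through `get_ipset_cmdlist`; unless `remove_pvefw_chains` also destroys them (not visible here), a stopped firewall leaves those sets behind and the next compile or status will report them as differences. Worth confirming, and either adding the ipset cleanup next to the chain removal or a comment such as `# ipsets are intentionally left in place on stop; they are reconciled on the next start` so the asymmetry is documented. Note also that `save_pvefw_status('stopped')` is reached only if `remove_pvefw_chains` returns normally, so a failure mid-teardown leaves the recorded status unchanged while the chains may already be partially removed — this matches the previous behaviour, but a one-line comment stating that ordering is deliberate would help. The enclosing register_method body continues outside the hunk.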