X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2Fpvefw;h=f02b12acb33b5150f78746773be48b518a76063d;hp=f700e95d03b43b00432ac9f6daa3b8120c22c955;hb=dd7a13fddc9f4c727fdd537618e43a4b8967e079;hpb=3f95d14a47f8a4ea06edb2551169629cb6719591
diff --git a/src/pvefw b/src/pvefw
index f700e95..f02b12a 100755
--- a/src/pvefw
+++ b/src/pvefw
@@ -63,8 +63,8 @@ __PACKAGE__->register_method ({
 my ($ruleset, $hostfw_conf, $ipset_ruleset) = PVE::Firewall::compile();
 if ($param->{verbose}) {
- my (undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, 1);
- my (undef, $ruleset_changes) = PVE::Firewall::get_rulset_cmdlist($ruleset, 1);
+ my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, 1);
+ my (undef, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset, 1);
 if ($ipset_changes || $ruleset_changes) {
 print "detected changes\n";
 } else {
@@ -117,8 +117,8 @@ __PACKAGE__->register_method ({
 if ($status eq 'active') {
 my ($ruleset, $hostfw_conf, $ipset_ruleset) = PVE::Firewall::compile();
- my (undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset);
- my (undef, $ruleset_changes) = PVE::Firewall::get_rulset_cmdlist($ruleset);
+ my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset);
+ my (undef, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset);
 # fixme: ipset changes
 $res->{changes} = ($ipset_changes || $ruleset_changes) ? 1 : 0;
 }
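Review bot: The positional unpacking `my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist(...)` gives no hint of what the three return slots hold, and that is the pattern that went stale before this fix; the hunk at -117 repeats it. While the caller read the second slot, the "detected changes" output may have reflected something other than the changes flag, so an operator could be told the running ipsets matched the compiled ruleset when they did not. I would add a comment above each call such as `# get_ipset_cmdlist returns three values; the last one is the changes flag`, with the slot meanings confirmed against the definition, which is outside this diff. The enclosing register_method body starts and ends outside the hunk.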
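Review bot: In the hunk at -117 the `# fixme: ipset changes` comment is kept, although the next line already folds `$ipset_changes` into `$res->{changes}` and this commit corrects which return slot it is read from. If something about ipset change detection is still missing, the comment should name it; otherwise it now reads as if the status result ignores ipsets. A replacement such as `# changes is 1 when either the ipset or the iptables command list reports changes` would match the visible code. The surrounding `if ($status eq 'active')` block belongs to a method that starts outside the hunk.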
@@ -196,33 +196,7 @@ __PACKAGE__->register_method ({
 my ($param) = @_;
 my $code = sub {
-
- my $chash = PVE::Firewall::iptables_get_chains();
- my $cmdlist = "*filter\n";
- my $rule = "INPUT -j PVEFW-INPUT";
- if (PVE::Firewall::iptables_rule_exist($rule)) {
- $cmdlist .= "-D $rule\n";
- }
- $rule = "OUTPUT -j PVEFW-OUTPUT";
- if (PVE::Firewall::iptables_rule_exist($rule)) {
- $cmdlist .= "-D $rule\n";
- }
-
- $rule = "FORWARD -j PVEFW-FORWARD";
- if (PVE::Firewall::iptables_rule_exist($rule)) {
- $cmdlist .= "-D $rule\n";
- }
-
- foreach my $chain (keys %$chash) {
- $cmdlist .= "-F $chain\n";
- }
- foreach my $chain (keys %$chash) {
- $cmdlist .= "-X $chain\n";
- }
- $cmdlist .= "COMMIT\n";
-
- PVE::Firewall::iptables_restore_cmdlist($cmdlist);
-
+ PVE::Firewall::remove_pvefw_chains();
 PVE::Firewall::save_pvefw_status('stopped');
 };
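Review bot: The stop path now depends entirely on `PVE::Firewall::remove_pvefw_chains()`, whose definition is not in this diff, so it cannot be confirmed here that it keeps the behaviour of the removed lines. Those lines deleted the INPUT/OUTPUT/FORWARD jump rules first, then flushed and deleted the chains inside one `*filter` … `COMMIT` batch. The call site should also state the failure contract: `save_pvefw_status('stopped')` on the next line is skipped only if the helper dies on error, otherwise the status could be recorded as stopped while chains are still partly loaded. A comment such as `# removes the PVEFW jump rules and chains; must die on failure so 'stopped' is not saved` would capture that. The `$code` closure is complete in the hunk, but the surrounding register_method is not.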