return empty ruleset if firewall disabled in cluster.fw

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 70d916c48a3f2e667fec651b5d7635db8ae2845a..f4f4377b64e3a9f67ca9b24bf2386bfeb510abdb 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2781,6 +2781,8 @@ sub compile {
 
     push @{$cluster_conf->{ipset}->{management}}, { cidr => $localnet };
 
+    return ({}, {}) if !$cluster_conf->{options}->{enable};
+
     my $ruleset = {};
 
     ruleset_create_chain($ruleset, "PVEFW-INPUT");

diff --git a/test/test-basic1/cluster.fw b/test/test-basic1/cluster.fw
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..6dc132a4d48ed1fc816e44476294586abb8e701a 100644 (file)
--- a/test/test-basic1/cluster.fw
+++ b/test/test-basic1/cluster.fw
@@ -0,0 +1,3 @@
+[options]
+
+enable: 1
\ No newline at end of file

diff --git a/test/test-default-rules1/cluster.fw b/test/test-default-rules1/cluster.fw
index bc72078ddedc74ba1fc704abe41f446ef5df2be9..5ce18ddf9d22342a6360523879a31a7d661f9fef 100644 (file)
--- a/test/test-default-rules1/cluster.fw
+++ b/test/test-default-rules1/cluster.fw
@@ -1,3 +1,4 @@
 [OPTIONS]
 
+enable: 1
 policy_out: DROP
\ No newline at end of file

diff --git a/test/test-errors1/cluster.fw b/test/test-errors1/cluster.fw
new file mode 100644 (file)
index 0000000..6dc132a
--- /dev/null
+++ b/test/test-errors1/cluster.fw
@@ -0,0 +1,3 @@
+[options]
+
+enable: 1
\ No newline at end of file

diff --git a/test/test-errors2/cluster.fw b/test/test-errors2/cluster.fw
new file mode 100644 (file)
index 0000000..6dc132a
--- /dev/null
+++ b/test/test-errors2/cluster.fw
@@ -0,0 +1,3 @@
+[options]
+
+enable: 1
\ No newline at end of file

diff --git a/test/test-errors3/cluster.fw b/test/test-errors3/cluster.fw
new file mode 100644 (file)
index 0000000..6dc132a
--- /dev/null
+++ b/test/test-errors3/cluster.fw
@@ -0,0 +1,3 @@
+[options]
+
+enable: 1
\ No newline at end of file

diff --git a/test/test-errors4/cluster.fw b/test/test-errors4/cluster.fw
new file mode 100644 (file)
index 0000000..6dc132a
--- /dev/null
+++ b/test/test-errors4/cluster.fw
@@ -0,0 +1,3 @@
+[options]
+
+enable: 1
\ No newline at end of file

diff --git a/test/test-ipset1/cluster.fw b/test/test-ipset1/cluster.fw
index d6b9525a9681b1b828f34dc52358360a20a0cc67..56ab13b65f5c823acccb237dcfa6a2bb53986491 100644 (file)
--- a/test/test-ipset1/cluster.fw
+++ b/test/test-ipset1/cluster.fw
@@ -1,3 +1,7 @@
+[OPTIONS]
+
+enable: 1
+
 [ALIASES]
 
 myserveralias 10.2.0.111

diff --git a/test/test-ipset2/cluster.fw b/test/test-ipset2/cluster.fw
new file mode 100644 (file)
index 0000000..6dc132a
--- /dev/null
+++ b/test/test-ipset2/cluster.fw
@@ -0,0 +1,3 @@
+[options]
+
+enable: 1
\ No newline at end of file

diff --git a/test/test-unconfigured/cluster.fw b/test/test-unconfigured/cluster.fw
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..10ed0ce696ae80f9e3cd381fdc94d31aad78aa2f 100644 (file)
--- a/test/test-unconfigured/cluster.fw
+++ b/test/test-unconfigured/cluster.fw
@@ -0,0 +1,4 @@
+[OPTIONS]
+
+enable: 1
+

diff --git a/test/test-vm-aliases1/cluster.fw b/test/test-vm-aliases1/cluster.fw
new file mode 100644 (file)
index 0000000..6dc132a
--- /dev/null
+++ b/test/test-vm-aliases1/cluster.fw
@@ -0,0 +1,3 @@
+[options]
+
+enable: 1
\ No newline at end of file