ebtables: remove PVE chains properly
authorFabian Grünbichler <f.gruenbichler@proxmox.com>
Wed, 10 Jul 2019 09:59:19 +0000 (11:59 +0200)
committerThomas Lamprecht <t.lamprecht@proxmox.com>
Wed, 10 Jul 2019 10:50:54 +0000 (12:50 +0200)
when globally disabling the FW, or on shutdown of firewall service.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
src/PVE/Firewall.pm

index 96c45e9..3b67186 100644 (file)
@@ -4269,6 +4269,7 @@ sub remove_pvefw_chains {
     PVE::Firewall::remove_pvefw_chains_iptables("iptables");
     PVE::Firewall::remove_pvefw_chains_iptables("ip6tables");
     PVE::Firewall::remove_pvefw_chains_ipset();
+    PVE::Firewall::remove_pvefw_chains_ebtables();
 
 }
 
@@ -4314,6 +4315,11 @@ sub remove_pvefw_chains_ipset {
     ipset_restore_cmdlist($cmdlist) if $cmdlist;
 }
 
+sub remove_pvefw_chains_ebtables {
+    # apply empty ruleset = remove all our chains
+    ebtables_restore_cmdlist(get_ebtables_cmdlist({}));
+}
+
 sub init {
     my $cluster_conf = load_clusterfw_conf();
     my $cluster_options = $cluster_conf->{options};