Else those chains grow if called from a daemon.
# same as shorewall smurflog.
my $chain = 'PVEFW-smurflog';
# same as shorewall smurflog.
my $chain = 'PVEFW-smurflog';
+ $pve_std_chains->{$chain} = [];
push @{$pve_std_chains->{$chain}}, get_log_rule_base($chain, 0, "DROP: ", $loglevel) if $loglevel;
push @{$pve_std_chains->{$chain}}, "-j DROP";
push @{$pve_std_chains->{$chain}}, get_log_rule_base($chain, 0, "DROP: ", $loglevel) if $loglevel;
push @{$pve_std_chains->{$chain}}, "-j DROP";
# same as shorewall logflags action.
$loglevel = get_option_log_level($options, 'tcp_flags_log_level');
$chain = 'PVEFW-logflags';
# same as shorewall logflags action.
$loglevel = get_option_log_level($options, 'tcp_flags_log_level');
$chain = 'PVEFW-logflags';
+ $pve_std_chains->{$chain} = [];
+
# fixme: is this correctly logged by pvewf-logger? (ther is no --log-ip-options for NFLOG)
push @{$pve_std_chains->{$chain}}, get_log_rule_base($chain, 0, "DROP: ", $loglevel) if $loglevel;
push @{$pve_std_chains->{$chain}}, "-j DROP";
# fixme: is this correctly logged by pvewf-logger? (ther is no --log-ip-options for NFLOG)
push @{$pve_std_chains->{$chain}}, get_log_rule_base($chain, 0, "DROP: ", $loglevel) if $loglevel;
push @{$pve_std_chains->{$chain}}, "-j DROP";
my $routing_table = read_proc_net_route();
my $routing_table = read_proc_net_route();
my $ipset_ruleset = {};
generate_ipset_chains($ipset_ruleset, $cluster_conf);
my $ipset_ruleset = {};
generate_ipset_chains($ipset_ruleset, $cluster_conf);
projects / pve-firewall.git / commitdiff