+sub get_ebtables_cmdlist {
+ my ($ruleset, $verbose) = @_;
+
+ my $changes = 0;
+ my $cmdlist = "*filter\n";
+
+ my ($active_chains, $hooks) = ebtables_get_chains();
+ my $statushash = get_ruleset_status($ruleset, $active_chains, \&iptables_chain_digest, $verbose);
+
+ # create chains first
+ foreach my $chain (sort keys %$ruleset) {
+ my $stat = $statushash->{$chain};
+ die "internal error" if !$stat;
+ $cmdlist .= ":$chain ACCEPT\n";
+ }
+
+ if ($ruleset->{FORWARD}) {
+ $cmdlist .= "-A FORWARD -j PVEFW-FORWARD\n";
+ }
+
+ foreach my $chain (sort keys %$ruleset) {
+ my $stat = $statushash->{$chain};
+ die "internal error" if !$stat;
+ $changes = 1 if ($stat->{action} ne 'exists');
+
+ foreach my $cmd (@{$ruleset->{$chain}}) {
+ $cmdlist .= "$cmd\n";
+ }
+ }
+
+ return wantarray ? ($cmdlist, $changes) : $cmdlist;
+}
+