save restore commands into files (debug help)
authorDietmar Maurer <dietmar@proxmox.com>
Fri, 28 Nov 2014 06:09:37 +0000 (07:09 +0100)
committerDietmar Maurer <dietmar@proxmox.com>
Fri, 28 Nov 2014 06:18:58 +0000 (07:18 +0100)
To make it easier to debug restore errors.

src/PVE/Firewall.pm
src/pve-firewall

index fcbac36..1fbd403 100644 (file)
@@ -37,6 +37,10 @@ eval {
     $have_pve_manager = 1;
 };
 
+my $pve_fw_status_dir = "/var/lib/pve-firewall";
+
+mkdir $pve_fw_status_dir; # make sure this exists
+
 my $security_group_name_pattern = '[A-Za-z][A-Za-z0-9\-\_]+';
 my $ipset_name_pattern = '[A-Za-z][A-Za-z0-9\-\_]+';
 our $ip_alias_pattern = '[A-Za-z][A-Za-z0-9\-\_]+';
@@ -3427,11 +3431,24 @@ sub apply_ruleset {
        }
     }
 
+    my $tmpfile = "$pve_fw_status_dir/ipsetcmdlist1";
+    PVE::Tools::file_set_contents($tmpfile, $ipset_create_cmdlist || '');
+
     ipset_restore_cmdlist($ipset_create_cmdlist);
 
+    $tmpfile = "$pve_fw_status_dir/ip4cmdlist";
+    PVE::Tools::file_set_contents($tmpfile, $cmdlist || '');
+
     iptables_restore_cmdlist($cmdlist);
+
+    $tmpfile = "$pve_fw_status_dir/ip6cmdlist";
+    PVE::Tools::file_set_contents($tmpfile, $cmdlistv6 || '');
+
     ip6tables_restore_cmdlist($cmdlistv6);
 
+    $tmpfile = "$pve_fw_status_dir/ipsetcmdlist2";
+    PVE::Tools::file_set_contents($tmpfile, $ipset_delete_cmdlist || '');
+
     ipset_restore_cmdlist($ipset_delete_cmdlist) if $ipset_delete_cmdlist;
 
     # test: re-read status and check if everything is up to date
index e7a2337..f2ccd30 100755 (executable)
@@ -49,6 +49,8 @@ my $commandline = [$0, @ARGV];
 
 $0 = "pve-firewall";
 
+mkdir "/var/lib/pve-firewall";
+
 sub restart_server {
     my ($waittime) = @_;