summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
ba791b1)
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
return if $line =~ m/^#/;
return if $line =~ m/^\s*$/;
return if $line =~ m/^#/;
return if $line =~ m/^\s*$/;
- if ($line =~ m/^(?:\S+)\s(\S+)\s(?:\S+).*/) {
+ if ($line =~ m/^(?:\S+)\s(PVEFW-\S+)\s(?:\S+).*/) {
my $chain = $1;
$line =~ s/\s+$//; # delete trailing white space
push @{$chains->{$chain}}, $line;
my $chain = $1;
$line =~ s/\s+$//; # delete trailing white space
push @{$chains->{$chain}}, $line;
if ($source){
if($source =~ m/^(\+)(\S+)$/){
die "no such netgroup $2" if !$cluster_conf->{ipset}->{$2};
if ($source){
if($source =~ m/^(\+)(\S+)$/){
die "no such netgroup $2" if !$cluster_conf->{ipset}->{$2};
- push @cmd, "-m set --match-set $2 src";
+ push @cmd, "-m set --match-set PVEFW-$2 src";
}elsif ($source =~ m/^(\d+)\.(\d+).(\d+).(\d+)\-(\d+)\.(\d+).(\d+).(\d+)$/){
push @cmd, "-m iprange --src-range $source";
}elsif ($source =~ m/^(\d+)\.(\d+).(\d+).(\d+)\-(\d+)\.(\d+).(\d+).(\d+)$/){
push @cmd, "-m iprange --src-range $source";
if ($dest){
if($dest =~ m/^(\+)(\S+)$/){
die "no such netgroup $2" if !$cluster_conf->{ipset}->{$2};
if ($dest){
if($dest =~ m/^(\+)(\S+)$/){
die "no such netgroup $2" if !$cluster_conf->{ipset}->{$2};
- push @cmd, "-m set --match-set $2 dst";
+ push @cmd, "-m set --match-set PVEFW-$2 dst";
}elsif ($dest =~ m/^(\d+)\.(\d+).(\d+).(\d+)\-(\d+)\.(\d+).(\d+).(\d+)$/){
push @cmd, "-m iprange --dst-range $dest";
}elsif ($dest =~ m/^(\d+)\.(\d+).(\d+).(\d+)\-(\d+)\.(\d+).(\d+).(\d+)$/){
push @cmd, "-m iprange --dst-range $dest";
my ($ipset_ruleset, $fw_conf) = @_;
foreach my $ipset (keys %{$fw_conf->{ipset}}) {
my ($ipset_ruleset, $fw_conf) = @_;
foreach my $ipset (keys %{$fw_conf->{ipset}}) {
- generate_ipset($ipset_ruleset, $ipset, $fw_conf->{ipset}->{$ipset});
+ generate_ipset($ipset_ruleset, "PVEFW-$ipset", $fw_conf->{ipset}->{$ipset});