Currently we can't use ipsets defined in cluster in host rules
host.fw
----------
[OPTIONS]
log_level_in: debug
enable: 1
tcp_flags_log_level: debug
log_level_out: debug
tcpflags: 1
smurf_log_level: debug
[RULES]
IN ACCEPT -source +whitelist
in sub update {
my $hostfw_conf = load_hostfw_conf();
}
$VAR1 = {
'options' => {
'enable' => 1,
'log_level_in' => 'debug',
'tcp_flags_log_level' => 'debug',
'log_level_out' => 'debug',
'tcpflags' => 1,
'smurf_log_level' => 'debug'
},
'ipset' => {},
'rules' => [
{
'source' => '+whitelist',
'enable' => 1,
'errors' => {
'source' => 'no such ipset \'whitelist\''
},
'action' => 'ACCEPT',
'type' => 'in'
}
]
};
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
return;
}
- my $hostfw_conf = load_hostfw_conf();
+ my $hostfw_conf = load_hostfw_conf($cluster_conf);
my ($ruleset, $ipset_ruleset, $rulesetv6) = compile($cluster_conf, $hostfw_conf);