firewall update : load cluster conf for host rules
authorAlexandre Derumier <aderumier@odiso.com>
Thu, 11 Dec 2014 13:25:42 +0000 (14:25 +0100)
committerDietmar Maurer <dietmar@proxmox.com>
Fri, 12 Dec 2014 05:27:54 +0000 (06:27 +0100)
Currently we can't use ipsets defined in the cluster config in host rules.

host.fw
----------
[OPTIONS]

log_level_in: debug
enable: 1
tcp_flags_log_level: debug
log_level_out: debug
tcpflags: 1
smurf_log_level: debug

[RULES]

IN ACCEPT -source +whitelist

in sub update {
my $hostfw_conf = load_hostfw_conf();
}

$VAR1 = {
          'options' => {
                         'enable' => 1,
                         'log_level_in' => 'debug',
                         'tcp_flags_log_level' => 'debug',
                         'log_level_out' => 'debug',
                         'tcpflags' => 1,
                         'smurf_log_level' => 'debug'
                       },
          'ipset' => {},
          'rules' => [
                       {
                         'source' => '+whitelist',
                         'enable' => 1,
                         'errors' => {
                                       'source' => 'no such ipset \'whitelist\''
                                     },
                         'action' => 'ACCEPT',
                         'type' => 'in'
                       }
                     ]
        };

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
src/PVE/Firewall.pm

index abf591be755deaabcf579d2ecd79c5673cd9ff28..958927acdf70bbf906f49b29f4af1fbcb9a62e12 100644 (file)
@@ -3560,7 +3560,7 @@ sub update {
            return;
        }
 
-       my $hostfw_conf = load_hostfw_conf();
+       my $hostfw_conf = load_hostfw_conf($cluster_conf);
 
        my ($ruleset, $ipset_ruleset, $rulesetv6) = compile($cluster_conf, $hostfw_conf);
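Review bot: The new `load_hostfw_conf($cluster_conf)` call in `update` fixes ipset resolution only at this call site. Any other caller of `load_hostfw_conf` that still passes no cluster config (none are visible in this hunk) would keep tagging host rules such as `IN ACCEPT -source +whitelist` with `no such ipset` errors, so an API or status view could disagree with the ruleset that is actually enforced. A comment above the call, e.g. `# pass cluster conf so host rules can resolve cluster-level ipsets`, would record why the argument is needed, and the remaining callers should be checked for the same argument. If rules carrying an `errors` entry are skipped at compile time (not shown here), a DROP or REJECT host rule referencing a cluster ipset was previously not enforced without any notice, so logging skipped rules would make that visible. The body of `update` starts and ends outside the hunk.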