ruleset_generate_vm_rule: avoid multiple calls to generate_nfqueue()
author
Dietmar Maurer
<dietmar@proxmox.com>
Tue, 22 Apr 2014 07:02:04 +0000
(09:02 +0200)
committer
Dietmar Maurer
<dietmar@proxmox.com>
Tue, 22 Apr 2014 07:02:04 +0000
(09:02 +0200)
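--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1505,6 +1505,8 @@ sub ruleset_generate_vm_rules {
 my $lc_direction = lc($direction);
+ my $in_accept = generate_nfqueue($options);
+
 foreach my $rule (@$rules) {
 next if $rule->{iface} && $rule->{iface} ne $netid;
 next if !$rule->{enable};
@@ -1527,8 +1529,7 @@ sub ruleset_generate_vm_rules {
 ruleset_generate_rule($ruleset, $chain, $rule,
 { ACCEPT => "PVEFW-SET-ACCEPT-MARK", REJECT => "PVEFW-reject" }, undef, $cluster_conf);
 } else {
- my $accept = generate_nfqueue($options);
- ruleset_generate_rule($ruleset, $chain, $rule, { ACCEPT => $accept , REJECT => "PVEFW-reject" }, undef, $cluster_conf);
+ ruleset_generate_rule($ruleset, $chain, $rule, { ACCEPT => $in_accept , REJECT => "PVEFW-reject" }, undef, $cluster_conf);
 }
 }
 }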
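Review bot: `$in_accept` in the first hunk has no comment saying what it holds or why it is safe to compute once, even though it becomes the ACCEPT target in the `else` branch of the second hunk. Going by the helper's name, `generate_nfqueue($options)` presumably yields either a plain accept or a queueing target chosen from `$options`; a line such as `# ACCEPT target for the non-mark branch; depends only on $options, so compute it once per call` above the assignment would record that. The assignment now also runs on calls that only ever take the `PVEFW-SET-ACCEPT-MARK` branch, where the value is never read. That is harmless only if the helper is side-effect free, which these hunks do not show. The body of ruleset_generate_vm_rules starts and ends outside both hunks.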