enable proc/sys/net/bridge/bridge-nf-call-iptables
authorDietmar Maurer <dietmar@proxmox.com>
Tue, 18 Feb 2014 11:07:40 +0000 (12:07 +0100)
committerDietmar Maurer <dietmar@proxmox.com>
Tue, 18 Feb 2014 11:07:40 +0000 (12:07 +0100)
PVE/Firewall.pm
pvefw

index 24bc2c7..324a20d 100644 (file)
@@ -137,6 +137,18 @@ sub parse_port_name_number_or_range {
     return ($nbports);
 }
 
+my $bridge_firewall_enabled = 0;
+
+sub enable_bridge_firewall {
+
+    return if $bridge_firewall_enabled; # only once
+
+    system("echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables");
+    system("echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables");
+
+    $bridge_firewall_enabled = 1;
+}
+
 my $rule_format = "%-15s %-30s %-30s %-15s %-15s %-15s\n";
 
 sub iptables {
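Review bot: In `enable_bridge_firewall` both `system()` calls discard their exit status and `$bridge_firewall_enabled` is set to 1 unconditionally, so a failed write is never noticed. If the /proc entries are missing or not writable (for example because the bridge module is not loaded, which is an assumption and not visible here), the rules would be compiled and started while bridged traffic still bypasses iptables. The "only once" guard also prevents any retry within the same process. Writing the value from Perl with a checked `open`/`print`/`close` avoids spawning a shell and lets the flag be set only after both writes succeed. The version below dies on failure; whether the caller should instead warn and continue is a policy decision for the maintainers.

```perl
sub enable_bridge_firewall {

    return if $bridge_firewall_enabled; # only once

    for my $name (qw(bridge-nf-call-iptables bridge-nf-call-ip6tables)) {
        my $path = "/proc/sys/net/bridge/$name";
        open(my $fh, '>', $path) or die "unable to open '$path' - $!\n";
        print {$fh} "1\n" or die "unable to write '$path' - $!\n";
        # sysctl write errors can surface at close, so check it too
        close($fh) or die "unable to enable '$path' - $!\n";
    }

    # set only after both writes succeeded, so a failure is retried next call
    $bridge_firewall_enabled = 1;
}
```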
diff --git a/pvefw b/pvefw
index 029ce9b..4370678 100755 (executable)
--- a/pvefw
+++ b/pvefw
@@ -82,6 +82,7 @@ __PACKAGE__->register_method ({
        my ($param) = @_;
 
        my $code = sub {
+           PVE::Firewall::enable_bridge_firewall();
            PVE::Firewall::compile_and_start($param->{verbose});
        };