enable proc/sys/net/bridge/bridge-nf-call-iptables
authorDietmar Maurer <dietmar@proxmox.com>
Tue, 18 Feb 2014 11:07:40 +0000 (12:07 +0100)
committerDietmar Maurer <dietmar@proxmox.com>
Tue, 18 Feb 2014 11:07:40 +0000 (12:07 +0100)
PVE/Firewall.pm
pvefw

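--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -137,6 +137,18 @@ sub parse_port_name_number_or_range {
     return ($nbports);
 }
 
+my $bridge_firewall_enabled = 0;
+
+sub enable_bridge_firewall {
+
+    return if $bridge_firewall_enabled; # only once
+
+    system("echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables");
+    system("echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables");
+
+    $bridge_firewall_enabled = 1;
+}
+
 my $rule_format = "%-15s %-30s %-30s %-15s %-15s %-15s\n";
 
 sub iptables {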
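Review bot: Both `system()` calls in `enable_bridge_firewall` ignore their exit status, and `$bridge_firewall_enabled` is set to 1 regardless. If `/proc/sys/net/bridge/` is absent (presumably when the bridge module is not loaded) or the write is refused, bridged traffic keeps bypassing iptables while the process believes filtering is on and never retries. The caller added in pvefw then goes straight on to `compile_and_start`, so the failure is silent end to end. I would write the two sysctl files directly from Perl, which also avoids spawning a shell for a fixed write, and set the flag only after both writes succeed. Whether to `die` or only warn is a call for the maintainers, since callers outside this hunk are not visible.

```perl
sub enable_bridge_firewall {

    # … unchanged: early return when $bridge_firewall_enabled is already set …

    for my $name (qw(bridge-nf-call-iptables bridge-nf-call-ip6tables)) {
        my $path = "/proc/sys/net/bridge/$name";
        open(my $fh, '>', $path) or die "unable to open '$path' - $!\n";
        print {$fh} "1\n" or die "unable to write '$path' - $!\n";
        close($fh) or die "unable to write '$path' - $!\n";
    }

    # reached only when both writes succeeded
    $bridge_firewall_enabled = 1;
}
```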
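--- a/pvefw
+++ b/pvefw
@@ -82,6 +82,7 @@ __PACKAGE__->register_method ({
        my ($param) = @_;
 
        my $code = sub {
+           PVE::Firewall::enable_bridge_firewall();
            PVE::Firewall::compile_and_start($param->{verbose});
        };
 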