ruleset_generate_vm_rules: use 'warn' instead of 'die'
authorDietmar Maurer <dietmar@proxmox.com>
Tue, 22 Apr 2014 07:08:05 +0000 (09:08 +0200)
committerDietmar Maurer <dietmar@proxmox.com>
Tue, 22 Apr 2014 07:08:05 +0000 (09:08 +0200)
We want to be able to update our rules, even if somebody defined
a wrong rule for his VM.

src/PVE/Firewall.pm

index 01de542..0d9dcde 100644 (file)
@@ -1525,12 +1525,18 @@ sub ruleset_generate_vm_rules {
 
        } else {
            next if $rule->{type} ne $lc_direction;
-           if ($direction eq 'OUT') {
-               ruleset_generate_rule($ruleset, $chain, $rule,
-                                     { ACCEPT => "PVEFW-SET-ACCEPT-MARK", REJECT => "PVEFW-reject" }, undef, $cluster_conf);
-           } else {
-               ruleset_generate_rule($ruleset, $chain, $rule, { ACCEPT => $in_accept , REJECT => "PVEFW-reject" }, undef, $cluster_conf);
-           }
+           eval {
+               if ($direction eq 'OUT') {
+                   ruleset_generate_rule($ruleset, $chain, $rule,
+                                         { ACCEPT => "PVEFW-SET-ACCEPT-MARK", REJECT => "PVEFW-reject" }, 
+                                         undef, $cluster_conf);
+               } else {
+                   ruleset_generate_rule($ruleset, $chain, $rule, 
+                                         { ACCEPT => $in_accept , REJECT => "PVEFW-reject" }, 
+                                         undef, $cluster_conf);
+               }
+           };
+           warn $@ if $@;
        }
     }
 }