And renamed compile_and_start into apply_ruleset.
return "-A $chain -j LOG --log-prefix \"PVESIG:$sig\" -p tcp -s \"127.128.129.130\" --dport 1\n";
}
-sub compile_and_start {
- my ($verbose) = @_;
+sub apply_ruleset {
+ my ($ruleset, $verbose) = @_;
- my $ruleset = compile();
+ enable_bridge_firewall();
my $cmdlist = "*filter\n"; # we pass this to iptables-restore;
my ($param) = @_;
my $code = sub {
- PVE::Firewall::enable_bridge_firewall();
- PVE::Firewall::compile_and_start($param->{verbose});
+ my $ruleset = PVE::Firewall::compile();
+ PVE::Firewall::apply_ruleset($ruleset, $param->{verbose});
};
PVE::Firewall::run_locked($code);