split compile from apply
authorDietmar Maurer <dietmar@proxmox.com>
Tue, 18 Feb 2014 11:15:26 +0000 (12:15 +0100)
committerDietmar Maurer <dietmar@proxmox.com>
Tue, 18 Feb 2014 11:15:26 +0000 (12:15 +0100)
And renamed compile_and_start into apply_ruleset.

PVE/Firewall.pm
pvefw

index 47862f1..2de8334 100644 (file)
@@ -702,10 +702,10 @@ sub print_sig_rule {
     return "-A $chain -j LOG --log-prefix \"PVESIG:$sig\" -p tcp -s \"127.128.129.130\" --dport 1\n";
 }
 
-sub compile_and_start {
-    my ($verbose) = @_;
+sub apply_ruleset {
+    my ($ruleset, $verbose) = @_;
 
-    my $ruleset = compile();
+    enable_bridge_firewall();
 
     my $cmdlist = "*filter\n"; # we pass this to iptables-restore;
 
diff --git a/pvefw b/pvefw
index 4370678..1c346b5 100755 (executable)
--- a/pvefw
+++ b/pvefw
@@ -82,8 +82,8 @@ __PACKAGE__->register_method ({
        my ($param) = @_;
 
        my $code = sub {
-           PVE::Firewall::enable_bridge_firewall();
-           PVE::Firewall::compile_and_start($param->{verbose});
+           my $ruleset = PVE::Firewall::compile();
+           PVE::Firewall::apply_ruleset($ruleset, $param->{verbose});
        };
 
        PVE::Firewall::run_locked($code);