]> git.proxmox.com Git - pve-firewall.git/commitdiff
projects / pve-firewall.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 489f9bf)
skip tap rule generation if vmfw is disabled
authorFabian Grünbichler <f.gruenbichler@proxmox.com>
Wed, 7 Aug 2019 07:25:36 +0000 (09:25 +0200)
committerFabian Grünbichler <f.gruenbichler@proxmox.com>
Wed, 7 Aug 2019 07:35:44 +0000 (09:35 +0200)
like for containers, and adapt code style to be identical.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
(cherry picked from commit bd60a824555eec55e08909ca189d49962761c93b)

src/PVE/Firewall.pm patch | blob | blame | history

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index b08cea57312b9e6a54680e24abced4e4de4c47be..e8bcec4069c7e1969f07fdbfe3eaf619d7e29694 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -3544,7 +3544,7 @@ sub compile_iptables_filter {
        eval {
            my $conf = $vmdata->{qemu}->{$vmid};
            my $vmfw_conf = $vmfw_configs->{$vmid};
-           return if !$vmfw_conf;
+           return if !$vmfw_conf || !$vmfw_conf->{options}->{enable};
 
            foreach my $netid (sort keys %$conf) {
                next if $netid !~ m/^net(\d+)$/;
@@ -3567,9 +3567,7 @@ sub compile_iptables_filter {
         eval {
             my $conf = $vmdata->{lxc}->{$vmid};
             my $vmfw_conf = $vmfw_configs->{$vmid};
-            return if !$vmfw_conf;
-
-            if ($vmfw_conf->{options}->{enable}) {
+            return if !$vmfw_conf || !$vmfw_conf->{options}->{enable};
                foreach my $netid (sort keys %$conf) {
                     next if $netid !~ m/^net(\d+)$/;
                     my $net = PVE::LXC::Config->parse_lxc_network($conf->{$netid});
@@ -3580,7 +3578,6 @@ sub compile_iptables_filter {
                                                  $vmfw_conf, $vmid, 'IN', $ipversion);
                     generate_tap_rules_direction($ruleset, $cluster_conf, $iface, $netid, $macaddr,
                                                  $vmfw_conf, $vmid, 'OUT', $ipversion);
-               }
             }
         };
         warn $@ if $@; # just to be sure - should not happen
Firewall test scripts