From: Dietmar Maurer Date: Wed, 4 Jun 2014 05:24:34 +0000 (+0200) Subject: return empty ruleset if firewall disabled in cluster.fw X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=085fd492bf2bb317d50c7de1041958a7d4e78669 return empty ruleset if firewall disabled in cluster.fw --- diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index 70d916c..f4f4377 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -2781,6 +2781,8 @@ sub compile { push @{$cluster_conf->{ipset}->{management}}, { cidr => $localnet }; + return ({}, {}) if !$cluster_conf->{options}->{enable}; + my $ruleset = {}; ruleset_create_chain($ruleset, "PVEFW-INPUT"); diff --git a/test/test-basic1/cluster.fw b/test/test-basic1/cluster.fw index e69de29..6dc132a 100644 --- a/test/test-basic1/cluster.fw +++ b/test/test-basic1/cluster.fw @@ -0,0 +1,3 @@ +[options] + +enable: 1 \ No newline at end of file diff --git a/test/test-default-rules1/cluster.fw b/test/test-default-rules1/cluster.fw index bc72078..5ce18dd 100644 --- a/test/test-default-rules1/cluster.fw +++ b/test/test-default-rules1/cluster.fw @@ -1,3 +1,4 @@ [OPTIONS] +enable: 1 policy_out: DROP \ No newline at end of file diff --git a/test/test-errors1/cluster.fw b/test/test-errors1/cluster.fw new file mode 100644 index 0000000..6dc132a --- /dev/null +++ b/test/test-errors1/cluster.fw @@ -0,0 +1,3 @@ +[options] + +enable: 1 \ No newline at end of file diff --git a/test/test-errors2/cluster.fw b/test/test-errors2/cluster.fw new file mode 100644 index 0000000..6dc132a --- /dev/null +++ b/test/test-errors2/cluster.fw @@ -0,0 +1,3 @@ +[options] + +enable: 1 \ No newline at end of file diff --git a/test/test-errors3/cluster.fw b/test/test-errors3/cluster.fw new file mode 100644 index 0000000..6dc132a --- /dev/null +++ b/test/test-errors3/cluster.fw @@ -0,0 +1,3 @@ +[options] + +enable: 1 \ No newline at end of file diff --git a/test/test-errors4/cluster.fw b/test/test-errors4/cluster.fw new file mode 100644 index 0000000..6dc132a --- /dev/null +++ b/test/test-errors4/cluster.fw @@ -0,0 +1,3 @@ +[options] + +enable: 1 \ No newline at end of file diff --git a/test/test-ipset1/cluster.fw b/test/test-ipset1/cluster.fw index d6b9525..56ab13b 100644 --- a/test/test-ipset1/cluster.fw +++ b/test/test-ipset1/cluster.fw @@ -1,3 +1,7 @@ +[OPTIONS] + +enable: 1 + [ALIASES] myserveralias 10.2.0.111 diff --git a/test/test-ipset2/cluster.fw b/test/test-ipset2/cluster.fw new file mode 100644 index 0000000..6dc132a --- /dev/null +++ b/test/test-ipset2/cluster.fw @@ -0,0 +1,3 @@ +[options] + +enable: 1 \ No newline at end of file diff --git a/test/test-unconfigured/cluster.fw b/test/test-unconfigured/cluster.fw index e69de29..10ed0ce 100644 --- a/test/test-unconfigured/cluster.fw +++ b/test/test-unconfigured/cluster.fw @@ -0,0 +1,4 @@ +[OPTIONS] + +enable: 1 + diff --git a/test/test-vm-aliases1/cluster.fw b/test/test-vm-aliases1/cluster.fw new file mode 100644 index 0000000..6dc132a --- /dev/null +++ b/test/test-vm-aliases1/cluster.fw @@ -0,0 +1,3 @@ +[options] + +enable: 1 \ No newline at end of file