From: Dietmar Maurer
Date: Tue, 15 Apr 2014 08:38:40 +0000 (+0200)
Subject: correctly initialize std chains
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=12f3796ee9543697fb0d5568eb5ce4e1c1154942
correctly initialize std chains
Else those chains grow if called from a daemon.
---
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index d5d4950..8ddd468 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2277,6 +2277,7 @@ sub generate_std_chains { # same as shorewall smurflog. my $chain = 'PVEFW-smurflog'; + $pve_std_chains->{$chain} = []; push @{$pve_std_chains->{$chain}}, get_log_rule_base($chain, 0, "DROP: ", $loglevel) if $loglevel; push @{$pve_std_chains->{$chain}}, "-j DROP";
@@ -2284,6 +2285,8 @@ sub generate_std_chains { # same as shorewall logflags action. $loglevel = get_option_log_level($options, 'tcp_flags_log_level'); $chain = 'PVEFW-logflags'; + $pve_std_chains->{$chain} = []; + # fixme: is this correctly logged by pvewf-logger? (ther is no --log-ip-options for NFLOG) push @{$pve_std_chains->{$chain}}, get_log_rule_base($chain, 0, "DROP: ", $loglevel) if $loglevel; push @{$pve_std_chains->{$chain}}, "-j DROP";
@@ -2493,7 +2496,6 @@ sub compile { my $routing_table = read_proc_net_route(); - my $ipset_ruleset = {}; generate_ipset_chains($ipset_ruleset, $cluster_conf);
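Review bot: The added `$pve_std_chains->{$chain} = [];` in generate_std_chains (PVEFW-smurflog hunk, and again in the PVEFW-logflags hunk) has no comment saying why it is there, so it reads like redundant initialisation that a later cleanup could remove. I would put `# reset on each call: $pve_std_chains persists in the daemon and the pushes below would append to the previous run's rules` above each reset. The effect is more than chain length: every run ends the chain with `-j DROP`, so without the reset a log rule pushed by a later run (for example after the log level is switched on) would sit behind an earlier DROP and, assuming rules are emitted in array order, never match. The sub starts and ends outside both hunks, so whether other chains in `$pve_std_chains` are built with bare `push` and need the same reset cannot be checked from here.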
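Review bot: The `# fixme` comment in the PVEFW-logflags hunk leaves open whether packets dropped for bad TCP flags are logged correctly, and it is worded too loosely to act on; from the collapsed layout it is not clear whether the comment is new in this commit or unchanged context. If it is touched here, I would reword it to name the check that is still owed, e.g. `# FIXME: confirm the logger records PVEFW-logflags drops; NFLOG has no counterpart to --log-ip-options`, and correct `ther` to `there`. `pvewf-logger` also looks like a transposition of the logger's name and should be checked against the actual daemon name. The enclosing sub continues outside the hunk.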