From: Thomas Lamprecht Date: Thu, 25 Aug 2022 13:51:11 +0000 (+0200) Subject: whitespace/indentation/line-length cleanup X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=4a626429c259c992a1e692379737e5fef4b82492 whitespace/indentation/line-length cleanup Signed-off-by: Thomas Lamprecht --- diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index 71746d2..e2331d8 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -3156,13 +3156,13 @@ sub read_local_vm_config { } } } elsif ($d->{type} eq 'lxc') { - if ($have_lxc) { - my $cfspath = PVE::LXC::Config->cfs_config_path($vmid); - if (my $conf = PVE::Cluster::cfs_read_file($cfspath)) { - $lxc->{$vmid} = $conf; - } - } - } + if ($have_lxc) { + my $cfspath = PVE::LXC::Config->cfs_config_path($vmid); + if (my $conf = PVE::Cluster::cfs_read_file($cfspath)) { + $lxc->{$vmid} = $conf; + } + } + } } return $vmdata; @@ -4040,7 +4040,7 @@ sub generate_tap_layer2filter { ruleset_create_chain($ruleset, $tapchain); if (defined($macaddr) && !(defined($options->{macfilter}) && $options->{macfilter} == 0)) { - ruleset_addrule($ruleset, $tapchain, "-s ! $macaddr", '-j DROP'); + ruleset_addrule($ruleset, $tapchain, "-s ! $macaddr", '-j DROP'); } if (@$arpfilter){ diff --git a/src/PVE/Service/pve_firewall.pm b/src/PVE/Service/pve_firewall.pm index 5a62f3d..67b7c44 100755 --- a/src/PVE/Service/pve_firewall.pm +++ b/src/PVE/Service/pve_firewall.pm @@ -2,20 +2,22 @@ package PVE::Service::pve_firewall; use strict; use warnings; -use PVE::SafeSyslog; -use PVE::Daemon; -use Time::HiRes qw (gettimeofday); -use PVE::Tools qw(dir_glob_foreach file_read_firstline); -use PVE::ProcFSTools; -use PVE::INotify; +use Data::Dumper; +use Time::HiRes qw (gettimeofday usleep); + +use PVE::CLIHandler; use PVE::Cluster qw(cfs_read_file); use PVE::Corosync; +use PVE::Daemon; +use PVE::INotify; +use PVE::ProcFSTools; use PVE::RPCEnvironment; -use PVE::CLIHandler; +use PVE::SafeSyslog; +use PVE::Tools qw(dir_glob_foreach file_read_firstline); + use PVE::Firewall; use PVE::FirewallSimulator; -use Data::Dumper; use base qw(PVE::Daemon); @@ -28,7 +30,6 @@ my $daemon = __PACKAGE__->new('pve-firewall', $cmdline, %daemon_options); my $nodename = PVE::INotify::nodename(); sub init { - PVE::Cluster::cfs_update(); PVE::Firewall::init(); @@ -70,7 +71,6 @@ sub run { local $SIG{'__WARN__'} = 'IGNORE'; # do not fill up logs for (;;) { # forever - $next_update = time() + $updatetime; my ($ccsec, $cusec) = gettimeofday (); @@ -116,9 +116,10 @@ sub run { $daemon->register_start_command("Start the Proxmox VE firewall service."); $daemon->register_restart_command(1, "Restart the Proxmox VE firewall service."); -$daemon->register_stop_command("Stop firewall. This removes all Proxmox VE " . - "related iptable rules. " . - "The host is unprotected afterwards."); +$daemon->register_stop_command( + "Stop the Proxmox VE firewall service. Note, stopping actively removes all Proxmox VE related" + ." iptable rules rendering the host potentially unprotected." +); __PACKAGE__->register_method ({ name => 'status', @@ -302,7 +303,8 @@ __PACKAGE__->register_method ({ name => 'simulate', path => 'simulate', method => 'GET', - description => "Simulate firewall rules. This does not simulate kernel 'routing' table. Instead, this simply assumes that routing from source zone to destination zone is possible.", + description => "Simulate firewall rules. This does not simulates the kernel 'routing' table," + ." but simply assumes that routing from source zone to destination zone is possible.", parameters => { additionalProperties => 0, properties => { @@ -406,8 +408,8 @@ __PACKAGE__->register_method ({ $test->{action} = 'QUERY'; - my $res = PVE::FirewallSimulator::simulate_firewall($ruleset->{filter}, $ipset_ruleset, - $host_ip, $vmdata, $test); + my $res = PVE::FirewallSimulator::simulate_firewall( + $ruleset->{filter}, $ipset_ruleset, $host_ip, $vmdata, $test); print "ACTION: $res\n";