From: Dietmar Maurer Date: Mon, 26 May 2014 10:55:46 +0000 (+0200) Subject: skip diabled rules and rules with errors early X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=5383df39a0708988c43d2e62a5da3768e1432d0e skip diabled rules and rules with errors early --- diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index f2f5331..aa7de7e 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -1774,7 +1774,10 @@ sub enable_host_firewall { # add host rules first, so that cluster wide rules can be overwritten foreach my $rule (@$rules, @$cluster_rules) { + next if !$rule->{enable} || $rule->{errors}; + $rule->{iface_in} = $rule->{iface} if $rule->{iface}; + eval { if ($rule->{type} eq 'group') { ruleset_add_group_rule($ruleset, $cluster_conf, $chain, $rule, 'IN', $accept_action); @@ -1824,6 +1827,8 @@ sub enable_host_firewall { # add host rules first, so that cluster wide rules can be overwritten foreach my $rule (@$rules, @$cluster_rules) { + next if !$rule->{enable} || $rule->{errors}; + $rule->{iface_out} = $rule->{iface} if $rule->{iface}; eval { if ($rule->{type} eq 'group') {
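Review bot: The added `next if !$rule->{enable} || $rule->{errors};` drops a rule that carries `errors` without any message, so a broken DROP or REJECT rule leaves the host chain more permissive than the configuration reads; the same line is added in the second hunk, in the loop that sets `iface_out`. Unless the errors are already reported where the rule is parsed, which is not visible here, I would split the test so the error case is logged: `next if !$rule->{enable};` followed by `if ($rule->{errors}) { warn "skipping rule with errors\n"; next; }`. It is also worth confirming that `errors` is left unset for valid rules, because a hash reference is true in Perl even when it is empty, and that would skip every rule. Both loops sit inside `enable_host_firewall`, whose body starts and ends outside the hunks.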