From: Dietmar Maurer <dietmar@proxmox.com>
Date: Tue, 22 Apr 2014 06:53:48 +0000 (+0200)
Subject: ruleset_generate_rule: update all or nothing
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=d4091b82a4ec15672557b629c505b395ef8dba1f

ruleset_generate_rule: update all or nothing

And use 'warn' instead of 'die' if alias does not exists.
---

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index dcd6639..8c8db82 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1309,11 +1309,18 @@ sub ruleset_generate_rule {
 	$rules = [ $rule ];
     }
 
+    # update all or nothing
+
+    my @cmds = ();
     foreach my $tmp (@$rules) {
 	if (my $cmdstr = ruleset_generate_cmdstr($ruleset, $chain, $tmp, $actions, $goto, $cluster_conf)) {
-	    ruleset_addrule($ruleset, $chain, $cmdstr);
+	    push @cmds, $cmdstr;
 	}
     }
+
+    foreach my $cmdstr (@cmds) {
+	ruleset_addrule($ruleset, $chain, $cmdstr);
+    }
 }
 
 sub ruleset_generate_rule_insert {
@@ -2415,9 +2422,12 @@ sub generate_ipset {
     my $nethash = {};
     foreach my $entry (@$options) {
 	my $cidr = $entry->{cidr};
-	if ($cidr =~ m/^${ip_alias_pattern}$/){
-	    die "no such alias $cidr" if !$aliases->{$cidr};
-	    $entry->{cidr} = $aliases->{$cidr};
+	if ($cidr =~ m/^${ip_alias_pattern}$/) {
+	    if ($aliases->{$cidr}) {
+		$entry->{cidr} = $aliases->{$cidr};
+	    } else {
+		warn "no such alias '$cidr'\n" if !$aliases->{$cidr};
+	    }
 	}
 	$nethash->{$entry->{cidr}} = $entry;
     }