From: Dietmar Maurer <dietmar@proxmox.com>
Date: Wed, 19 Feb 2014 07:26:22 +0000 (+0100)
Subject: correctly remove stale chains
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=f5d28682f6a611bc3aaa94e778991f3838cbd21a

correctly remove stale chains
---

diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index d266bd6..d24ca63 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -746,8 +746,7 @@ sub apply_ruleset {
 	    }
 	    $cmdlist .= print_sig_rule($chain, $stat->{sig});
 	} elsif ($stat->{action} eq 'delete') {
-	    $cmdlist .= "-F $chain\n";
-	    $cmdlist .= "-X $chain\n";
+	    die "internal error"; # this should not happen
 	} elsif ($stat->{action} eq 'exists') {
 	    # do nothing
 	} else {
@@ -755,6 +754,15 @@ sub apply_ruleset {
 	}
     }
 
+    foreach my $chain (keys %$statushash) {
+	next if $statushash->{$chain}->{action} ne 'delete';
+	$cmdlist .= "-F $chain\n";
+    }
+    foreach my $chain (keys %$statushash) {
+	next if $statushash->{$chain}->{action} ne 'delete';
+	$cmdlist .= "-X $chain\n";
+    }
+
     $cmdlist .= "COMMIT\n";
 
     print $cmdlist if $verbose;