From 259db1e6564e2b01a3bd256ee0855e6bf3cd0d63 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Fri, 28 Nov 2014 07:09:37 +0100
Subject: [PATCH] save restore commands into files (debug help)

To make it easier to debug restore errors.
---
 src/PVE/Firewall.pm | 17 +++++++++++++++++
 src/pve-firewall    |  2 ++
 2 files changed, 19 insertions(+)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index fcbac36..1fbd403 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -37,6 +37,10 @@ eval {
     $have_pve_manager = 1;
 };
 
+my $pve_fw_status_dir = "/var/lib/pve-firewall";
+
+mkdir $pve_fw_status_dir; # make sure this exists
+
 my $security_group_name_pattern = '[A-Za-z][A-Za-z0-9\-\_]+';
 my $ipset_name_pattern = '[A-Za-z][A-Za-z0-9\-\_]+';
 our $ip_alias_pattern = '[A-Za-z][A-Za-z0-9\-\_]+';
@@ -3427,11 +3431,24 @@ sub apply_ruleset {
 	}
     }
 
+    my $tmpfile = "$pve_fw_status_dir/ipsetcmdlist1";
+    PVE::Tools::file_set_contents($tmpfile, $ipset_create_cmdlist || '');
+
     ipset_restore_cmdlist($ipset_create_cmdlist);
 
+    $tmpfile = "$pve_fw_status_dir/ip4cmdlist";
+    PVE::Tools::file_set_contents($tmpfile, $cmdlist || '');
+
     iptables_restore_cmdlist($cmdlist);
+
+    $tmpfile = "$pve_fw_status_dir/ip6cmdlist";
+    PVE::Tools::file_set_contents($tmpfile, $cmdlistv6 || '');
+
     ip6tables_restore_cmdlist($cmdlistv6);
 
+    $tmpfile = "$pve_fw_status_dir/ipsetcmdlist2";
+    PVE::Tools::file_set_contents($tmpfile, $ipset_delete_cmdlist || '');
+
     ipset_restore_cmdlist($ipset_delete_cmdlist) if $ipset_delete_cmdlist;
 
     # test: re-read status and check if everything is up to date
diff --git a/src/pve-firewall b/src/pve-firewall
index e7a2337..f2ccd30 100755
--- a/src/pve-firewall
+++ b/src/pve-firewall
@@ -49,6 +49,8 @@ my $commandline = [$0, @ARGV];
 
 $0 = "pve-firewall";
 
+mkdir "/var/lib/pve-firewall";
+
 sub restart_server {
     my ($waittime) = @_;
 
-- 
2.39.2