From 085fd492bf2bb317d50c7de1041958a7d4e78669 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Wed, 4 Jun 2014 07:24:34 +0200 Subject: [PATCH] return empty ruleset if firewall disabled in cluster.fw --- src/PVE/Firewall.pm | 2 ++ test/test-basic1/cluster.fw | 3 +++ test/test-default-rules1/cluster.fw | 1 + test/test-errors1/cluster.fw | 3 +++ test/test-errors2/cluster.fw | 3 +++ test/test-errors3/cluster.fw | 3 +++ test/test-errors4/cluster.fw | 3 +++ test/test-ipset1/cluster.fw | 4 ++++ test/test-ipset2/cluster.fw | 3 +++ test/test-unconfigured/cluster.fw | 4 ++++ test/test-vm-aliases1/cluster.fw | 3 +++ 11 files changed, 32 insertions(+) create mode 100644 test/test-errors1/cluster.fw create mode 100644 test/test-errors2/cluster.fw create mode 100644 test/test-errors3/cluster.fw create mode 100644 test/test-errors4/cluster.fw create mode 100644 test/test-ipset2/cluster.fw create mode 100644 test/test-vm-aliases1/cluster.fw diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index 70d916c..f4f4377 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -2781,6 +2781,8 @@ sub compile { push @{$cluster_conf->{ipset}->{management}}, { cidr => $localnet }; + return ({}, {}) if !$cluster_conf->{options}->{enable}; + my $ruleset = {}; ruleset_create_chain($ruleset, "PVEFW-INPUT"); diff --git a/test/test-basic1/cluster.fw b/test/test-basic1/cluster.fw index e69de29..6dc132a 100644 --- a/test/test-basic1/cluster.fw +++ b/test/test-basic1/cluster.fw @@ -0,0 +1,3 @@ +[options] + +enable: 1 \ No newline at end of file diff --git a/test/test-default-rules1/cluster.fw b/test/test-default-rules1/cluster.fw index bc72078..5ce18dd 100644 --- a/test/test-default-rules1/cluster.fw +++ b/test/test-default-rules1/cluster.fw @@ -1,3 +1,4 @@ [OPTIONS] +enable: 1 policy_out: DROP \ No newline at end of file diff --git a/test/test-errors1/cluster.fw b/test/test-errors1/cluster.fw new file mode 100644 index 0000000..6dc132a --- /dev/null +++ b/test/test-errors1/cluster.fw @@ -0,0 +1,3 @@ +[options] + +enable: 1 \ No newline at end of file diff --git a/test/test-errors2/cluster.fw b/test/test-errors2/cluster.fw new file mode 100644 index 0000000..6dc132a --- /dev/null +++ b/test/test-errors2/cluster.fw @@ -0,0 +1,3 @@ +[options] + +enable: 1 \ No newline at end of file diff --git a/test/test-errors3/cluster.fw b/test/test-errors3/cluster.fw new file mode 100644 index 0000000..6dc132a --- /dev/null +++ b/test/test-errors3/cluster.fw @@ -0,0 +1,3 @@ +[options] + +enable: 1 \ No newline at end of file diff --git a/test/test-errors4/cluster.fw b/test/test-errors4/cluster.fw new file mode 100644 index 0000000..6dc132a --- /dev/null +++ b/test/test-errors4/cluster.fw @@ -0,0 +1,3 @@ +[options] + +enable: 1 \ No newline at end of file diff --git a/test/test-ipset1/cluster.fw b/test/test-ipset1/cluster.fw index d6b9525..56ab13b 100644 --- a/test/test-ipset1/cluster.fw +++ b/test/test-ipset1/cluster.fw @@ -1,3 +1,7 @@ +[OPTIONS] + +enable: 1 + [ALIASES] myserveralias 10.2.0.111 diff --git a/test/test-ipset2/cluster.fw b/test/test-ipset2/cluster.fw new file mode 100644 index 0000000..6dc132a --- /dev/null +++ b/test/test-ipset2/cluster.fw @@ -0,0 +1,3 @@ +[options] + +enable: 1 \ No newline at end of file diff --git a/test/test-unconfigured/cluster.fw b/test/test-unconfigured/cluster.fw index e69de29..10ed0ce 100644 --- a/test/test-unconfigured/cluster.fw +++ b/test/test-unconfigured/cluster.fw @@ -0,0 +1,4 @@ +[OPTIONS] + +enable: 1 + diff --git a/test/test-vm-aliases1/cluster.fw b/test/test-vm-aliases1/cluster.fw new file mode 100644 index 0000000..6dc132a --- /dev/null +++ b/test/test-vm-aliases1/cluster.fw @@ -0,0 +1,3 @@ +[options] + +enable: 1 \ No newline at end of file -- 2.39.2