From 0e8af63ddb8a58ff2cda9d8595478a673f563d06 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fabian=20Gr=C3=BCnbichler?= Date: Wed, 10 Jul 2019 11:59:19 +0200 Subject: [PATCH] ebtables: remove PVE chains properly MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit when globally disabling the FW, or on shutdown of firewall service. Signed-off-by: Fabian Grünbichler --- src/PVE/Firewall.pm | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index 96c45e9..3b67186 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -4269,6 +4269,7 @@ sub remove_pvefw_chains { PVE::Firewall::remove_pvefw_chains_iptables("iptables"); PVE::Firewall::remove_pvefw_chains_iptables("ip6tables"); PVE::Firewall::remove_pvefw_chains_ipset(); + PVE::Firewall::remove_pvefw_chains_ebtables(); } @@ -4314,6 +4315,11 @@ sub remove_pvefw_chains_ipset { ipset_restore_cmdlist($cmdlist) if $cmdlist; } +sub remove_pvefw_chains_ebtables { + # apply empty ruleset = remove all our chains + ebtables_restore_cmdlist(get_ebtables_cmdlist({})); +} + sub init { my $cluster_conf = load_clusterfw_conf(); my $cluster_options = $cluster_conf->{options}; -- 2.39.2