From 4b96e87759bac374f695143f584f69c1855aa878 Mon Sep 17 00:00:00 2001
From: Alexandre Derumier
Date: Tue, 1 Apr 2014 16:06:13 +0200
Subject: [PATCH] prefix ipset chains with PVEFW-
Signed-off-by: Alexandre Derumier
---
 src/PVE/Firewall.pm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index e63ca63..751cc9f 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -895,7 +895,7 @@ sub ipset_get_chains {
 return if $line =~ m/^#/;
 return if $line =~ m/^\s*$/;
- if ($line =~ m/^(?:\S+)\s(\S+)\s(?:\S+).*/) {
+ if ($line =~ m/^(?:\S+)\s(PVEFW-\S+)\s(?:\S+).*/) {
 my $chain = $1;
 $line =~ s/\s+$//; # delete trailing white space
 push @{$chains->{$chain}}, $line;
@@ -936,7 +936,7 @@ sub ruleset_generate_cmdstr {
 if ($source){
 if($source =~ m/^(\+)(\S+)$/){
 die "no such netgroup $2" if !$cluster_conf->{ipset}->{$2};
- push @cmd, "-m set --match-set $2 src";
+ push @cmd, "-m set --match-set PVEFW-$2 src";
 }elsif ($source =~ m/^(\d+)\.(\d+).(\d+).(\d+)\-(\d+)\.(\d+).(\d+).(\d+)$/){
 push @cmd, "-m iprange --src-range $source";
@@ -949,7 +949,7 @@ sub ruleset_generate_cmdstr {
 if ($dest){
 if($dest =~ m/^(\+)(\S+)$/){
 die "no such netgroup $2" if !$cluster_conf->{ipset}->{$2};
- push @cmd, "-m set --match-set $2 dst";
+ push @cmd, "-m set --match-set PVEFW-$2 dst";
 }elsif ($dest =~ m/^(\d+)\.(\d+).(\d+).(\d+)\-(\d+)\.(\d+).(\d+).(\d+)$/){
 push @cmd, "-m iprange --dst-range $dest";
@@ -2054,7 +2054,7 @@ sub generate_ipset_chains {
 my ($ipset_ruleset, $fw_conf) = @_;
 foreach my $ipset (keys %{$fw_conf->{ipset}}) {
- generate_ipset($ipset_ruleset, $ipset, $fw_conf->{ipset}->{$ipset});
+ generate_ipset($ipset_ruleset, "PVEFW-$ipset", $fw_conf->{ipset}->{$ipset});
 }
 }
--
2.39.2
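Review bot: With the tightened pattern in ipset_get_chains, any set whose name lacks the `PVEFW-` prefix is now skipped without a trace, and that includes sets the previous version of this code created under their bare names. If the caller uses the returned list to decide what to flush or destroy (not visible in this hunk), those older sets would stay loaded in the kernel after an upgrade; a one-time cleanup or a documented manual step would cover that. The filter also deserves a comment stating its intent, for example `# only sets carrying our PVEFW- prefix are managed here; foreign ipsets are left untouched`. The body of ipset_get_chains starts and ends outside the hunk.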
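Review bot: The literal `PVEFW-` is now written out separately in the `src` match here, in the `dst` match of the next hunk, in the regex of ipset_get_chains and in generate_ipset_chains, and all four must agree for a rule to reference the set that was actually created. Building the name in one place would remove that risk, e.g. a file-level `my $ipset_prefix = 'PVEFW-';` (name proposed here) used as `push @cmd, "-m set --match-set ${ipset_prefix}$2 src";`. Separately, `$2` comes from `\S+` and the only gate before it lands in the rule string is the lookup in `$cluster_conf->{ipset}`, so both branches rely on the config parser (not visible) restricting set names to a safe character set. ruleset_generate_cmdstr continues outside both hunks.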
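Review bot: Nothing in generate_ipset_chains checks the length of the prefixed name: ipset limits set names to 31 characters, so prepending the six-character `PVEFW-` means a configured name longer than 25 characters would now be rejected when the set is created, while the rules emitted by ruleset_generate_cmdstr still reference it. If the config parser does not already cap the name length (not visible here), a guard inside the loop such as `die "ipset name '$ipset' too long\n" if length("PVEFW-$ipset") > 31;` would fail early with a clear message instead of leaving a ruleset that points at a missing set.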