From 5383df39a0708988c43d2e62a5da3768e1432d0e Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Mon, 26 May 2014 12:55:46 +0200
Subject: [PATCH] skip diabled rules and rules with errors early
---
 src/PVE/Firewall.pm | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index f2f5331..aa7de7e 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1774,7 +1774,10 @@ sub enable_host_firewall {
 # add host rules first, so that cluster wide rules can be overwritten
 foreach my $rule (@$rules, @$cluster_rules) {
+ next if !$rule->{enable} || $rule->{errors};
+ $rule->{iface_in} = $rule->{iface} if $rule->{iface};
+ eval {
 if ($rule->{type} eq 'group') {
 ruleset_add_group_rule($ruleset, $cluster_conf, $chain, $rule, 'IN', $accept_action);
@@ -1824,6 +1827,8 @@ sub enable_host_firewall {
 # add host rules first, so that cluster wide rules can be overwritten
 foreach my $rule (@$rules, @$cluster_rules) {
+ next if !$rule->{enable} || $rule->{errors};
+ $rule->{iface_out} = $rule->{iface} if $rule->{iface};
 eval {
 if ($rule->{type} eq 'group') {
-- 
2.39.2
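Review bot: The added guard `next if !$rule->{enable} || $rule->{errors};` in the inbound loop (and the identical line in the outbound loop of the second hunk) skips a rule that carries `errors` without reporting it, so a block rule that failed validation simply vanishes from the host chain and the traffic it was meant to stop falls through to whatever follows. Unless the errors are already surfaced where they are recorded (not visible in this patch), I would separate the two cases: keep `next if !$rule->{enable};` and follow it with `if ($rule->{errors}) { warn "skipping host rule with errors\n"; next; }`. A one-line comment such as `# rules with parse errors are not applied; the chain policy decides` above the guard would also document the fail-open/fail-closed consequence. Both loop bodies continue outside the hunks.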