From 921dfb335df6cb4804520c562985a962e62d969b Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Tue, 22 Apr 2014 09:08:05 +0200
Subject: [PATCH] ruleset_generate_vm_rules: use 'warn' instead of 'die'

We want to be able to update our rules, even if somebody defined
a wrong rule for his VM.
---
 src/PVE/Firewall.pm | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 01de542..0d9dcde 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1525,12 +1525,18 @@ sub ruleset_generate_vm_rules {
 
 	} else {
 	    next if $rule->{type} ne $lc_direction;
-	    if ($direction eq 'OUT') {
-		ruleset_generate_rule($ruleset, $chain, $rule,
-				      { ACCEPT => "PVEFW-SET-ACCEPT-MARK", REJECT => "PVEFW-reject" }, undef, $cluster_conf);
-	    } else {
-		ruleset_generate_rule($ruleset, $chain, $rule, { ACCEPT => $in_accept , REJECT => "PVEFW-reject" }, undef, $cluster_conf);
-	    }
+	    eval {
+		if ($direction eq 'OUT') {
+		    ruleset_generate_rule($ruleset, $chain, $rule,
+					  { ACCEPT => "PVEFW-SET-ACCEPT-MARK", REJECT => "PVEFW-reject" }, 
+					  undef, $cluster_conf);
+		} else {
+		    ruleset_generate_rule($ruleset, $chain, $rule, 
+					  { ACCEPT => $in_accept , REJECT => "PVEFW-reject" }, 
+					  undef, $cluster_conf);
+		}
+	    };
+	    warn $@ if $@;
 	}
     }
 }
-- 
2.39.2