From bd60a824555eec55e08909ca189d49962761c93b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fabian=20Gr=C3=BCnbichler?= Date: Wed, 7 Aug 2019 09:25:36 +0200 Subject: [PATCH] skip tap rule generation if vmfw is disabled MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit like for containers, and adapt code style to be identical. Signed-off-by: Fabian Grünbichler --- src/PVE/Firewall.pm | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index 0e15090..ff494d6 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -3592,7 +3592,7 @@ sub compile_iptables_filter { eval { my $conf = $vmdata->{qemu}->{$vmid}; my $vmfw_conf = $vmfw_configs->{$vmid}; - return if !$vmfw_conf; + return if !$vmfw_conf || !$vmfw_conf->{options}->{enable}; foreach my $netid (sort keys %$conf) { next if $netid !~ m/^net(\d+)$/; @@ -3615,9 +3615,7 @@ sub compile_iptables_filter { eval { my $conf = $vmdata->{lxc}->{$vmid}; my $vmfw_conf = $vmfw_configs->{$vmid}; - return if !$vmfw_conf; - - if ($vmfw_conf->{options}->{enable}) { + return if !$vmfw_conf || !$vmfw_conf->{options}->{enable}; foreach my $netid (sort keys %$conf) { next if $netid !~ m/^net(\d+)$/; my $net = PVE::LXC::Config->parse_lxc_network($conf->{$netid}); @@ -3628,7 +3626,6 @@ sub compile_iptables_filter { $vmfw_conf, $vmid, 'IN', $ipversion); generate_tap_rules_direction($ruleset, $cluster_conf, $iface, $netid, $macaddr, $vmfw_conf, $vmid, 'OUT', $ipversion); - } } }; warn $@ if $@; # just to be sure - should not happen -- 2.39.2