Proxmox/pve-firewall
5
0
Fork 0
mirror of git://git.proxmox.com/git/pve-firewall.git synced 2025-01-07 21:17:59 +03:00
Code Releases Activity

whitespace/indentation/line-length cleanup

Browse Source 
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2022-08-25 15:51:11 +02:00
parent 2038e26b8b
commit 4a626429c2
2 changed files with 26 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/PVE/Firewall.pm
View File

@ -3156,13 +3156,13 @@ sub read_local_vm_config {
}
}
} elsif ($d->{type} eq 'lxc') {
if ($have_lxc) {
my $cfspath = PVE::LXC::Config->cfs_config_path($vmid);
if (my $conf = PVE::Cluster::cfs_read_file($cfspath)) {
$lxc->{$vmid} = $conf;
}
}
}
if ($have_lxc) {
my $cfspath = PVE::LXC::Config->cfs_config_path($vmid);
if (my $conf = PVE::Cluster::cfs_read_file($cfspath)) {
$lxc->{$vmid} = $conf;
}
}
}
}
return $vmdata;
@ -4040,7 +4040,7 @@ sub generate_tap_layer2filter {
ruleset_create_chain($ruleset, $tapchain);
if (defined($macaddr) && !(defined($options->{macfilter}) && $options->{macfilter} == 0)) {
ruleset_addrule($ruleset, $tapchain, "-s ! $macaddr", '-j DROP');
ruleset_addrule($ruleset, $tapchain, "-s ! $macaddr", '-j DROP');
}
if (@$arpfilter){

34
src/PVE/Service/pve_firewall.pm
View File

@ -2,20 +2,22 @@ package PVE::Service::pve_firewall;
use strict;
use warnings;
use PVE::SafeSyslog;
use PVE::Daemon;
use Time::HiRes qw (gettimeofday);
use PVE::Tools qw(dir_glob_foreach file_read_firstline);
use PVE::ProcFSTools;
use PVE::INotify;
use Data::Dumper;
use Time::HiRes qw (gettimeofday usleep);
use PVE::CLIHandler;
use PVE::Cluster qw(cfs_read_file);
use PVE::Corosync;
use PVE::Daemon;
use PVE::INotify;
use PVE::ProcFSTools;
use PVE::RPCEnvironment;
use PVE::CLIHandler;
use PVE::SafeSyslog;
use PVE::Tools qw(dir_glob_foreach file_read_firstline);
use PVE::Firewall;
use PVE::FirewallSimulator;
use Data::Dumper;
use base qw(PVE::Daemon);
@ -28,7 +30,6 @@ my $daemon = __PACKAGE__->new('pve-firewall', $cmdline, %daemon_options);
my $nodename = PVE::INotify::nodename();
sub init {
PVE::Cluster::cfs_update();
PVE::Firewall::init();
@ -70,7 +71,6 @@ sub run {
local $SIG{'__WARN__'} = 'IGNORE'; # do not fill up logs
for (;;) { # forever
$next_update = time() + $updatetime;
my ($ccsec, $cusec) = gettimeofday ();
@ -116,9 +116,10 @@ sub run {
$daemon->register_start_command("Start the Proxmox VE firewall service.");
$daemon->register_restart_command(1, "Restart the Proxmox VE firewall service.");
$daemon->register_stop_command("Stop firewall. This removes all Proxmox VE " .
"related iptable rules. " .
"The host is unprotected afterwards.");
$daemon->register_stop_command(
"Stop the Proxmox VE firewall service. Note, stopping actively removes all Proxmox VE related"
." iptable rules rendering the host potentially unprotected."
);
__PACKAGE__->register_method ({
name => 'status',
@ -302,7 +303,8 @@ __PACKAGE__->register_method ({
name => 'simulate',
path => 'simulate',
method => 'GET',
description => "Simulate firewall rules. This does not simulate kernel 'routing' table. Instead, this simply assumes that routing from source zone to destination zone is possible.",
description => "Simulate firewall rules. This does not simulates the kernel 'routing' table,"
." but simply assumes that routing from source zone to destination zone is possible.",
parameters => {
additionalProperties => 0,
properties => {
@ -406,8 +408,8 @@ __PACKAGE__->register_method ({
$test->{action} = 'QUERY';
my $res = PVE::FirewallSimulator::simulate_firewall($ruleset->{filter}, $ipset_ruleset,
$host_ip, $vmdata, $test);
my $res = PVE::FirewallSimulator::simulate_firewall(
$ruleset->{filter}, $ipset_ruleset, $host_ip, $vmdata, $test);
print "ACTION: $res\n";