Proxmox/pve-firewall
5
0
Fork 0
mirror of git://git.proxmox.com/git/pve-firewall.git synced 2025-01-19 14:03:53 +03:00
Code Releases Activity

sdn: always include SDN configuration

Browse Source 
If the cluster configuration does not exist, but in other firewall
configuration files there are rules referencing SDN IPsets, validation
for those rules fails, because the cluster configuration does not
contain the SDN IPSets. This is because generic_fw_config_parser
returns an empty hash when there is no cluster configuration file.

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
This commit is contained in:
Stefan Hanreich 2024-11-19 16:36:08 +01:00 committed by Thomas Lamprecht
parent 2e9eb2dbd8
commit 75a84a6b9e
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/PVE/Firewall.pm
View File

@ -3658,6 +3658,9 @@ sub load_clusterfw_conf {
my ($filename) = @_;
$filename = $clusterfw_conf_filename if !defined($filename);
my $sdn_conf = load_sdn_conf();
my $empty_conf = {
rules => [],
options => {},
@ -3666,12 +3669,16 @@ sub load_clusterfw_conf {
group_comments => {},
ipset => {} ,
ipset_comments => {},
sdn => load_sdn_conf(),
sdn => $sdn_conf,
};
my $cluster_conf = generic_fw_config_parser($filename, $empty_conf, $empty_conf, 'cluster');
$set_global_log_ratelimit->($cluster_conf->{options});
if (!$cluster_conf->{sdn}) {
$cluster_conf->{sdn} = $sdn_conf;
}
return $cluster_conf;
}