Currently we can't use ipsets defined in cluster in host rules host.fw ---------- [OPTIONS]
log_level_in: debug enable: 1 tcp_flags_log_level: debug log_level_out: debug tcpflags: 1 smurf_log_level: debug [RULES] IN ACCEPT -source +whitelist in sub update { my $hostfw_conf = load_hostfw_conf(); } $VAR1 = { 'options' => { 'enable' => 1, 'log_level_in' => 'debug', 'tcp_flags_log_level' => 'debug', 'log_level_out' => 'debug', 'tcpflags' => 1, 'smurf_log_level' => 'debug' }, 'ipset' => {}, 'rules' => [ { 'source' => '+whitelist', 'enable' => 1, 'errors' => { 'source' => 'no such ipset \'whitelist\'' }, 'action' => 'ACCEPT', 'type' => 'in' } ] }; Signed-off-by: Alexandre Derumier <aderum...@odiso.com> --- src/PVE/Firewall.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index abf591b..958927a 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -3560,7 +3560,7 @@ sub update { return; } - my $hostfw_conf = load_hostfw_conf(); + my $hostfw_conf = load_hostfw_conf($cluster_conf); my ($ruleset, $ipset_ruleset, $rulesetv6) = compile($cluster_conf, $hostfw_conf); -- 1.7.10.4 _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel