From: Stefan Hanreich
To: pve-devel@lists.proxmox.com
Date: Tue, 19 Nov 2024 16:36:08 +0100
Message-Id: <20241119153610.228658-4-s.hanreich@proxmox.com>
In-Reply-To: <20241119153610.228658-1-s.hanreich@proxmox.com>
References: <20241119153610.228658-1-s.hanreich@proxmox.com>
Subject: [pve-devel] [PATCH pve-firewall v8 3/5] sdn: always include SDN configuration

If the cluster configuration does not exist, but in other firewall
configuration files there are rules referencing SDN IPsets, validation
for those rules fails, because the cluster configuration does not
contain the SDN IPSets. This is because generic_fw_config_parser returns
an empty hash when there is no cluster configuration file.

Signed-off-by: Stefan Hanreich
---
 src/PVE/Firewall.pm | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index 6437db0..7636798 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -3658,6 +3658,9 @@ sub load_clusterfw_conf { my ($filename) = @_; $filename = $clusterfw_conf_filename if !defined($filename); + + my $sdn_conf = load_sdn_conf(); + my $empty_conf = { rules => [], options => {}, @@ -3666,12 +3669,16 @@ sub load_clusterfw_conf { group_comments => {}, ipset => {} , ipset_comments => {}, - sdn => load_sdn_conf(), + sdn => $sdn_conf, }; my $cluster_conf = generic_fw_config_parser($filename, $empty_conf, $empty_conf, 'cluster'); $set_global_log_ratelimit->($cluster_conf->{options}); + if (!$cluster_conf->{sdn}) { + $cluster_conf->{sdn} = $sdn_conf; + } + return $cluster_conf; } -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
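Review bot: The fallback added at the end of load_clusterfw_conf (`if (!$cluster_conf->{sdn})`) restores only the `sdn` key. If generic_fw_config_parser returns an empty hash for a missing cluster file, as the commit message describes, then `rules`, `options`, `ipset` and the other keys seeded in `$empty_conf` are still absent from the returned config, and `$set_global_log_ratelimit` has already been called with an undefined `options` by the time the check runs. Consider having the parser return `$empty_conf` in that case, or falling back to the whole `$empty_conf` here, so that callers validating rules against the cluster config always see the same shape. If the narrow fix is intended, a short comment above the check saying why it is needed (the parser drops the seeded config when the file does not exist) would keep it from being removed later as redundant with the `sdn => $sdn_conf` entry in `$empty_conf`.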