Am 15.11.24 um 13:09 schrieb Stefan Hanreich: > is_nftables is used in the VM and CT network startup scripts to > determine whether the nftables firewall is enabled or not. This causes > issues on container and VM startup when loading the SDN config, since > it requires the RPCEnvironment which is not initialized yet. Therefore > change this check to look for the existence of the flag file instead. > > It also avoids parsing the entire cluster and host firewall > configuration on VM / CT startup, which means increased performance. > > While we're at it, make all methods related to the configuration > parsing private, in order to avoid accidental usage of the expensive > methods. > > Signed-off-by: Stefan Hanreich <s.hanre...@proxmox.com> > Reviewed-by: Wolfgang Bumiller <w.bumil...@proxmox.com> > --- > src/PVE/Firewall.pm | 14 +++++++++----- > 1 file changed, 9 insertions(+), 5 deletions(-) > >
applied, thanks! _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
