[pve-devel] [PATCH proxmox-firewall 2/4] partially fix #6176: ipfilter: honor firewall setting from guest cfg

Stefan Hanreich Wed, 19 Feb 2025 02:10:07 -0800

ipfilter ipsets and rules were still generated, even if the firewall
was disabled for the network device.


Signed-off-by: Stefan Hanreich <s.hanre...@proxmox.com>
---
 proxmox-firewall/src/firewall.rs | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/proxmox-firewall/src/firewall.rs b/proxmox-firewall/src/firewall.rs
index e980bd5..0e0edf8 100644
--- a/proxmox-firewall/src/firewall.rs
+++ b/proxmox-firewall/src/firewall.rs
@@ -781,6 +781,10 @@ impl Firewall {
             let network_devices = cfg.network_config().network_devices();
 
             for (index, network_device) in network_devices {
+                if !network_device.has_firewall() {
+                    continue;
+                }
+
                 let ipfilter_name = Ipfilter::name_for_index(*index);
 
                 if let Some(ipset) = ipsets.get(&ipfilter_name) {
-- 
2.39.5


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH proxmox-firewall 2/4] partially fix #6176: ipfilter: honor firewall setting from guest cfg

Reply via email to