A small helper routine for flushing all conntrack table entries which are marked with a specific value.
Signed-off-by: Christoph Heiss <c.he...@proxmox.com>
---
Changes v1 -> v2:
* no changes

debian/control | 3 ++-
src/PVE/Firewall/Helpers.pm | 11 +++++++++++
2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/debian/control b/debian/control
index 2e8e528..59c45af 100644
--- a/debian/control
+++ b/debian/control
@@ -17,7 +17,8 @@ Standards-Version: 4.6.2
 Package: pve-firewall
 Architecture: any
 Conflicts: ulogd,
-Depends: ebtables,
+Depends: conntrack,
+ ebtables,
 ipset,
 iptables,
 libpve-access-control,
diff --git a/src/PVE/Firewall/Helpers.pm b/src/PVE/Firewall/Helpers.pm
index 0b465ae..1c1692c 100644
--- a/src/PVE/Firewall/Helpers.pm
+++ b/src/PVE/Firewall/Helpers.pm
@@ -16,6 +16,7 @@ lock_vmfw_conf
 remove_vmfw_conf
 clone_vmfw_conf
 collect_refs
+flush_fw_ct_entries_by_mark
 );
 
 my $pvefw_conf_dir = "/etc/pve/firewall";
@@ -181,4 +182,14 @@ sub collect_refs {
 return $res;
 }
 
+# Flushes all conntrack table entries which are CONNMARK'd with the specified value.
+sub flush_fw_ct_entries_by_mark {
+ my ($mark) = @_;
+
+ PVE::Tools::run_command(
+ ['conntrack', '--delete', '--mark', $mark],
+ noerr => 1, quiet => 1,
+ );
+}
+
 1;
--
2.49.0
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
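Review bot: In the new `flush_fw_ct_entries_by_mark` in src/PVE/Firewall/Helpers.pm, `noerr => 1, quiet => 1` makes every failure of `conntrack --delete` invisible — a missing binary, insufficient privileges or a rejected mark all pass silently and the sub returns nothing a caller could check, so a flush that did not happen leaves no trace. Since `$mark` is the only input and comes from the caller unvalidated, I would reject anything that is not an unsigned integer (conntrack's `--mark` also takes a `value/mask` form, which the validation could allow) before it reaches the command line, e.g. `die "invalid conntrack mark '$mark'\n" if !defined($mark) || $mark !~ m/\A\d+(?:\/\d+)?\z/;`. The list-form invocation is good as it never touches a shell; I would additionally keep the exit status, e.g. `my $rc = PVE::Tools::run_command(...)` followed by `warn "flushing conntrack entries with mark $mark failed (exit code $rc)\n" if $rc;` and `return $rc;` — assuming run_command hands back the exit code under `noerr`, as I believe it does, but please confirm. The header comment could also say that failures are deliberately non-fatal and why, so the next reader does not mistake it for an oversight.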