No description
bed6bf99ec
pve-firewall introduced a new helper for deciding whether to create a firewall bridge for a given tap interface. In addition to checking for nftables, it also checks for the type of the bridge. This fixes an issue with OVS and the nftables firewall, where firewall bridges are still required in order for the guest firewall to work and the new helper in pve-firewall checks for that condition now. Previously, only the vm network script checked the condition for creating a firewall bridge properly, but not the function for hotplugging VM network devices. This caused a firewall bridge to always get created when hotplugging a network device. The additional firewall bridge had no influence on the functionality of nftables, but was unnecessary. For that matter a helper in qemu-server is introduced that should be used by all call sites. Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com> Reviewed-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> FG: adapted context slightly FG: bump versioned dependency Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> |
||
|---|---|---|
| debian | ||
| src | ||
| .gitignore | ||
| Makefile | ||