From 77524769c47cae57a83c6c350536a8e25a3ffa02 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Tue, 6 May 2014 12:44:55 +0200
Subject: [PATCH] periodically update firewall rules with pvestatd

---
 bin/pvestatd | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/bin/pvestatd b/bin/pvestatd
index 59d53e1d..5c5c2291 100755
--- a/bin/pvestatd
+++ b/bin/pvestatd
@@ -18,6 +18,7 @@ use PVE::OpenVZ;
 use PVE::RPCEnvironment;
 use PVE::API2::Subscription;
 use PVE::AutoBalloon;
+use PVE::Firewall;
 
 $SIG{'__WARN__'} = sub {
     my $err = $@;
@@ -333,6 +334,13 @@ sub update_storage_status {
     }
 }
 
+sub update_pve_firewall {
+
+    local $SIG{'__WARN__'} = 'IGNORE'; # do not fill up logs
+    
+    PVE::Firewall::update();
+}
+
 sub update_status {
 
     # update worker list. This is not really required and
@@ -374,6 +382,13 @@ sub update_status {
     };
     $err = $@;
     syslog('err', "openvz console cleanup error: $err") if $err;
+
+    eval {
+	update_pve_firewall();
+    };
+    $err = $@;
+    syslog('err', "pve firewall update error: $err") if $err;
+
 }
 
 my $next_update = 0;