| 每次开机后 pve-firewall 自动启动了,
# systemctl status pve-firewall
● pve-firewall.service – Proxmox VE firewall
Loaded: loaded (/lib/systemd/system/pve-firewall.service; disabled; vendor preset: enabled)
Active: active (running) since Sat 2022-06-11 10:26:41 CST; 2min 55s ago
Process: 977 ExecStartPre=/usr/bin/update-alternatives –set ebtables /usr/sbin/ebtables-legacy (code=exited, status=0/SUCCESS)
Process: 981 ExecStartPre=/usr/bin/update-alternatives –set iptables /usr/sbin/iptables-legacy (code=exited, status=0/SUCCESS)
Process: 982 ExecStartPre=/usr/bin/update-alternatives –set ip6tables /usr/sbin/ip6tables-legacy (code=exited, status=0/SUCCESS)
Process: 983 ExecStart=/usr/sbin/pve-firewall start (code=exited, status=0/SUCCESS)
Main PID: 985 (pve-firewall)
Tasks: 1 (limit: 9376)
Memory: 82.8M
CPU: 1.337s
CGroup: /system.slice/pve-firewall.service
└─985 pve-firewall
Jun 11 10:26:40 dk systemd[1]: Starting Proxmox VE firewall…
Jun 11 10:26:41 dk pve-firewall[985]: starting server
Jun 11 10:26:41 dk systemd[1]: Started Proxmox VE firewall.
看那个 active running,而且也已经执行了 systemctl disable pve-firewall,
执行 systemctl is-enabled pve-firewall 返回的也是 disabled
然后更重要的是,数据中心、节点和 vm 的 fw 文件, enable 也已经设置成了 0,每次开机还是会自动启动 pve-firewall
求解
附:
# find /etc/ -name "*.fw"
/etc/pve/nodes/dk/host.fw
/etc/pve/firewall/cluster.fw
/etc/pve/firewall/100.fw
这三个文件中的 enable 都已设置成了 0
[OPTIONS]
enable: 0
—-
我的看法:设置 /etc/rc.local 在 exit 0 之前添加 systemctl stop pve-firewall 来控制? |