use PVE::Tools;
use PVE::QemuServer;
+my $macros;
+sub get_shorewall_macros {
+
+ return $macros if $macros;
+
+ foreach my $path (</usr/share/shorewall/macro.*>) {
+ if ($path =~ m|/macro\.(\S+)$|) {
+ $macros->{$1} = 1;
+ }
+ }
+ return $macros;
+}
+
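Review bot: get_shorewall_macros returns undef when the glob `</usr/share/shorewall/macro.*>` matches nothing, because `$macros` only comes into existence through autovivification inside the loop. In that case the `return $macros if $macros;` cache check never fires, so every call re-scans the directory, and a caller that dereferences the result gets no hash. Adding `$macros = {};` just before the `foreach` gives callers a hash reference in all cases. A one-line comment such as `# returns a hash ref whose keys are the installed shorewall macro names` above the sub would also state the contract.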
my $rule_format = "%-15s %-15s %-15s %-15s %-15s %-15s\n";
my $zone = $net->{zone} || die "internal error";
my $zid = $zoneinfo->{$zone}->{id} || die "internal error";
my $tap = $net->{tap} || die "internal error";
-
- return sprintf($rule_format, $rule->{action}, $rule->{source}, "$zid:$tap",
+
+ my $action = $rule->{service} ?
+ "$rule->{service}($rule->{action})" : $rule->{action};
+
+ return sprintf($rule_format, $action, $rule->{source}, "$zid:$tap",
$rule->{proto} || '-', $rule->{dport} || '-', $rule->{sport} || '-');
};
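Review bot: `$rule->{service}` is interpolated straight into the action column in `"$rule->{service}($rule->{action})"`, and nothing in this hunk checks it against the macro set that get_shorewall_macros builds. If the value can reach this point from an editable rule definition without being validated elsewhere, whitespace or a newline in it would shift columns or add lines in the generated Shorewall rules file. A guard before the interpolation would close that, e.g. `die "unknown service '$rule->{service}'\n" if $rule->{service} && !(get_shorewall_macros() || {})->{$rule->{service}};`. The same applies to the identical addition in the following closure, the one that writes `$rule->{dest}`. The closure starts outside the hunk, and validation may already happen at parse time outside this diff.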
my $zone = $net->{zone} || die "internal error";
my $zid = $zoneinfo->{$zone}->{id} || die "internal error";
my $tap = $net->{tap} || die "internal error";
+
+ my $action = $rule->{service} ?
+ "$rule->{service}($rule->{action})" : $rule->{action};
- return sprintf($rule_format, $rule->{action}, "$zid:$tap", $rule->{dest},
+ return sprintf($rule_format, $action, "$zid:$tap", $rule->{dest},
$rule->{proto} || '-', $rule->{dport} || '-', $rule->{sport} || '-');
};
sub compile {
my ($targetdir, $vmdata, $rules) = @_;
+ # remove existing data ?
+ foreach my $file (qw(zones rules interfaces maclist policy)) {
+ unlink "$targetdir/$file";
+ }
+
my $netinfo;
my $zoneinfo = {
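Review bot: The `unlink "$targetdir/$file"` loop ignores the return value, so a file that cannot be removed is silently left in place, and the `# remove existing data ?` comment leaves open whether the removal is intended at all. These files are the firewall configuration, so any failure other than "file does not exist" should stop the compile: `unlink "$targetdir/$file" or $!{ENOENT} or die "unable to remove '$targetdir/$file' - $!\n";`. Deleting up front also means a later `die "internal error"` leaves the directory with a partial rule set. Generating the new files first and replacing the old ones afterwards would avoid that window. compile's body continues outside the hunk.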
# do nothing;
} elsif ($zoneinfo->{$z}->{type} eq 'bridge') {
my $bridge = $zoneinfo->{$z}->{bridge} || die "internal error";
- $out .= sprintf($format, $zid, $bridge, 'detect', 'bridge', "# $z");
+ $out .= sprintf($format, $zid, $bridge, 'detect', 'bridge,optional', "# $z");
} elsif ($zoneinfo->{$z}->{type} eq 'bport') {
my $ifaces = $zoneinfo->{$z}->{ifaces};
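Review bot: The `optional` option added to the bridge entry in `'bridge,optional'` changes failure behaviour and should carry a comment saying why. As I understand the Shorewall option, start-up no longer fails when the interface is absent, so a missing or mistyped bridge name would go unnoticed at that point. A comment above the `sprintf`, such as `# 'optional': the bridge may not exist yet when shorewall starts`, would record the intent. The enclosing if/elsif chain starts and ends outside the hunk.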
$format = "%-15s %-15s %-15s %s\n";
$out = sprintf($format, '#SOURCE', 'DEST', 'POLICY', 'LOG');
+ #$out .= sprintf($format, 'fw', 'all', 'ACCEPT', '');
$out .= sprintf($format, 'all', 'all', 'REJECT', 'info');
PVE::Tools::file_set_contents("$targetdir/policy", $out);