use extra zone for physical devices

[pve-firewall.git] / pvefw

diff --git a/pvefw b/pvefw
index 1a0631b4bf9870b42d6e96de6a11bbd7d6d7b4a0..978ffb15cdac07e95364d9c52bd137da2cd682f8 100755 (executable)
--- a/pvefw
+++ b/pvefw
@@ -75,25 +75,33 @@ sub parse_fw_rules {
            next;
        }
 
-       if ($iface !~ m/^(all|net0|net1|net2|net3|net4|net5)$/) {
+       $iface = undef if $iface eq '-';
+       if ($iface && $iface !~ m/^(net0|net1|net2|net3|net4|net5)$/) {
            warn "unknown interface '$iface'\n";
            next;
        }
 
+       $proto = undef if $proto eq '-';
        if ($proto && $proto !~ m/^(icmp|tcp|udp)$/) {
            warn "unknown protokol '$proto'\n";
            next;
        }
 
-       if ($source !~ m/^(any)$/) {
-           warn "unknown source '$source'\n";
-           next;
-       }
+       $source = undef if $source eq '-';
 
-       if ($dest !~ m/^(any)$/) {
-           warn "unknown destination '$dest'\n";
-           next;
-       }
+#      if ($source !~ m/^(XYZ)$/) {
+#          warn "unknown source '$source'\n";
+#          next;
+#      }
+
+       $dest = undef if $dest eq '-';
+#      if ($dest !~ m/^XYZ)$/) {
+#          warn "unknown destination '$dest'\n";
+#          next;
+#      }
+
+       $dport = undef if $dport && $dport eq '-';
+       $sport = undef if $sport && $sport eq '-';
 
        my $rule = {
            action => $action,
@@ -121,6 +129,7 @@ sub read_local_vm_config {
     my $list = PVE::QemuServer::config_list();
 
     foreach my $vmid (keys %$list) {
+       # next if $vmid ne '100';
        my $cfspath = PVE::QemuServer::cfs_config_path($vmid);
        if (my $conf = PVE::Cluster::cfs_read_file($cfspath)) {
            $qemu->{$vmid} = $conf;