-sub parse_fw_rules {
- my ($filename, $fh) = @_;
-
- my $section;
-
- my $res = { in => [], out => [] };
-
- my $macros = PVE::Firewall::get_shorewall_macros();
-
- while (defined(my $line = <$fh>)) {
- next if $line =~ m/^#/;
- next if $line =~ m/^\s*$/;
-
- if ($line =~ m/^\[(in|out)\]\s*$/i) {
- $section = lc($1);
- next;
- }
- next if !$section;
-
- my ($action, $iface, $source, $dest, $proto, $dport, $sport) =
- split(/\s+/, $line);
-
- if (!($action && $iface && $source && $dest)) {
- warn "skip incomplete line\n";
- next;
- }
-
- my $service;
- if ($action =~ m/^(ACCEPT|DROP|REJECT)$/) {
- # OK
- } elsif ($action =~ m/^(\S+)\((ACCEPT|DROP|REJECT)\)$/) {
- ($service, $action) = ($1, $2);
- if (!$macros->{$service}) {
- warn "unknown service '$service'\n";
- next;
- }
- } else {
- warn "unknown action '$action'\n";
- next;
- }
-
- if ($iface !~ m/^(all|net0|net1|net2|net3|net4|net5)$/) {
- warn "unknown interface '$iface'\n";
- next;
- }
-
- if ($proto && $proto !~ m/^(icmp|tcp|udp)$/) {
- warn "unknown protokol '$proto'\n";
- next;
- }
-
- if ($source !~ m/^(any)$/) {
- warn "unknown source '$source'\n";
- next;
- }
-
- if ($dest !~ m/^(any)$/) {
- warn "unknown destination '$dest'\n";
- next;
- }
-
- my $rule = {
- action => $action,
- service => $service,
- iface => $iface,
- source => $source,
- dest => $dest,
- proto => $proto,
- dport => $dport,
- sport => $sport,
- };
-
- push @{$res->{$section}}, $rule;
- }
-
- return $res;
-}
-
-sub read_local_vm_config {
-
- my $openvz = {};