use warnings;
use strict;
-use POSIX;
-use Data::Dumper;
use Digest::SHA;
+use Encode;
+use File::Basename;
+use File::Path;
+use IO::File;
+use Net::IP;
+use POSIX;
use Socket qw(AF_INET6 inet_ntop inet_pton);
-use PVE::INotify;
+use Storable qw(dclone);
+
+use PVE::Cluster;
use PVE::Exception qw(raise raise_param_exc);
+use PVE::INotify;
use PVE::JSONSchema qw(register_standard_option get_standard_option);
-use PVE::Cluster;
-use PVE::ProcFSTools;
-use PVE::Tools qw($IPV4RE $IPV6RE);
use PVE::Network;
+use PVE::ProcFSTools;
use PVE::SafeSyslog;
-use File::Basename;
-use File::Path;
-use IO::File;
-use Net::IP;
+use PVE::Tools qw($IPV4RE $IPV6RE);
use PVE::Tools qw(run_command lock_file dir_glob_foreach);
-use Encode;
-use Storable qw(dclone);
-my $hostfw_conf_filename = "/etc/pve/local/host.fw";
my $pvefw_conf_dir = "/etc/pve/firewall";
my $clusterfw_conf_filename = "$pvefw_conf_dir/cluster.fw";
};
my $nodename = PVE::INotify::nodename();
+my $hostfw_conf_filename = "/etc/pve/nodes/$nodename/host.fw";
my $pve_fw_lock_filename = "/var/lock/pvefw.lck";
sub generic_fw_config_parser {
my ($filename, $cluster_conf, $empty_conf, $rule_env) = @_;
- my $fh = IO::File->new($filename, O_RDONLY);
- return {} if !$fh;
-
my $section;
my $group;
my $res = $empty_conf;
- while (defined(my $line = <$fh>)) {
+ my $raw;
+ if ($filename =~ m!^/etc/pve/(.*)$!) {
+ $raw = PVE::Cluster::get_config($1);
+ } else {
+ $raw = eval { PVE::Tools::file_get_contents($filename) }; # ignore errors
+ }
+ return {} if !$raw;
+
+ my $linenr = 0;
+ while ($raw =~ /^\h*(.*?)\h*$/gm) {
+ my $line = $1;
+ $linenr++;
next if $line =~ m/^#/;
next if $line =~ m/^\s*$/;
-
chomp $line;
- my $linenr = $fh->input_line_number();
my $prefix = "$filename (line $linenr)";
if ($empty_conf->{options} && ($line =~ m/^\[options\]$/i)) {