Display corosync rule info on localnet call

[pve-firewall.git] / src / PVE / Service / pve_firewall.pm

diff --git a/src/PVE/Service/pve_firewall.pm b/src/PVE/Service/pve_firewall.pm
index d8e42ec6cf3f9d1f341a6604f7f6e6434f19c1b1..3c1254ba8f2b0624569df62746d2c7b1611235b1 100755 (executable)
--- a/src/PVE/Service/pve_firewall.pm
+++ b/src/PVE/Service/pve_firewall.pm
@@ -10,6 +10,7 @@ use PVE::Tools qw(dir_glob_foreach file_read_firstline);
 use PVE::ProcFSTools;
 use PVE::INotify;
 use PVE::Cluster qw(cfs_read_file);
+use PVE::Corosync;
 use PVE::RPCEnvironment;
 use PVE::CLIHandler;
 use PVE::Firewall;
@@ -264,6 +265,28 @@ __PACKAGE__->register_method ({
            print "using detected local_network: $localnet\n";
        }
 
+       if (PVE::Corosync::check_conf_exists(1)) {
+           my $corosync_conf = PVE::Cluster::cfs_read_file("corosync.conf");
+           my $corosync_node_found = 0;
+
+           print "\naccepting corosync traffic from/to:\n";
+
+           PVE::Corosync::for_all_corosync_addresses($corosync_conf, undef, sub {
+               my ($node_name, $node_ip, $node_ipversion, $key) = @_;
+
+               if (!$corosync_node_found) {
+                   $corosync_node_found = 1;
+               }
+
+               $key =~ m/(?:ring|link)(\d+)_addr/;
+               print " - $node_name: $node_ip (link: $1)\n";
+           });
+
+           if (!$corosync_node_found) {
+               print " - no nodes found\n";
+           }
+       }
+
        return undef;
     }});