X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=PVE%2FFirewall.pm;h=56125f120e6fbdb0e159a1aecb7fab130fb47056;hp=bf1b840dfe7ce2dd66099c9edeb6a66d8499a32a;hb=026a646624bd6ca3225d3ad74549368041daead6;hpb=dddd9413980599d04520a4c8202fe6ee1453face
diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index bf1b840..56125f1 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -49,6 +49,8 @@ sub compile {
 fw => { type => 'firewall' },
 };
+ my $maclist = {};
+
 my $register_bridge;
 $register_bridge = sub {
@@ -99,6 +101,7 @@ sub compile {
 my $vmzone = $conf->{zone} || "vm$vmid";
 $net->{tap} = "tap${vmid}i${netnum}";
+ $maclist->{$net->{tap}} = $net->{macaddr} || die "internal error";
 $net->{zone} = &$register_bridge_port($net->{bridge}, $net->{tag}, $vmzone, $net->{tap});
 $netinfo->{$vmid}->{$opt} = $net;
 }
@@ -129,19 +132,19 @@ sub compile {
 my $out;
- my $format = "%-15s %-10s %s\n";
- $out = sprintf($format, '#ZONE', 'TYPE', 'OPTIONS');
+ my $format = "%-15s %-10s %-15s %s\n";
+ $out = sprintf($format, '#ZONE', 'TYPE', 'OPTIONS', '');
 foreach my $z (sort keys %$zoneinfo) {
 my $zid = $zoneinfo->{$z}->{id};
 if ($zoneinfo->{$z}->{type} eq 'firewall') {
- $out .= sprintf($format, $zid, $zoneinfo->{$z}->{type}, '');
+ $out .= sprintf($format, $zid, $zoneinfo->{$z}->{type}, '' , "# $z");
 } elsif ($zoneinfo->{$z}->{type} eq 'bridge') {
- $out .= sprintf($format, $zid, 'ipv4', '');
+ $out .= sprintf($format, $zid, 'ipv4', '', "# $z");
 } elsif ($zoneinfo->{$z}->{type} eq 'bport') {
 my $bridge_zone = $zoneinfo->{$z}->{bridge_zone} || die "internal error";
 my $bzid = $zoneinfo->{$bridge_zone}->{id} || die "internal error";
- $out .= sprintf($format, "$zid:$bzid", 'bport', '');
+ $out .= sprintf($format, "$zid:$bzid", 'bport', '', "# $z");
 } else {
 die "internal error";
 }
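Review bot: The new `my $maclist = {};` has no comment saying what it maps, and its only consumer is far below in the interface dump, so a reader of this hunk cannot tell why it is declared here. Suggest `# tap interface name => MAC address of the VM NIC; written out as the maclist table later in compile()` on the line above the declaration. compile() starts before and ends after this hunk.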
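Review bot: The added `$maclist->{$net->{tap}} = $net->{macaddr} || die "internal error";` stores the MAC exactly as it comes out of the VM config, and that string is later printed unmodified as a column of the generated maclist table, so a value that is not a well-formed MAC (embedded whitespace, a `#`, an extra token) would silently change the meaning of the generated line rather than fail here. Unless the config parser upstream already guarantees the format, which is not visible in this diff, validate it at the point where it enters the table: `my $mac = $net->{macaddr} || die "internal error";` / `die "internal error: malformed macaddr '$mac' on $net->{tap}\n" if $mac !~ m/\A[0-9a-f]{2}(?::[0-9a-f]{2}){5}\z/i;` / `$maclist->{$net->{tap}} = $mac;`. The enclosing loop body starts and ends outside the hunk.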
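Review bot: In the firewall branch the new argument list is written `'' , "# $z"` with a stray space before the comma, while the bridge and bport branches two lines below use `'', "# $z"`; make the three consistent with `$out .= sprintf($format, $zid, $zoneinfo->{$z}->{type}, '', "# $z");`. The header line also passes `''` for the new trailing `%s`, which leaves a trailing blank on the `#ZONE` line; harmless for a comment, but worth knowing if the file is ever diffed. The rest of compile() lies outside this hunk.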
@@ -153,8 +156,11 @@ sub compile {
 # dump interfaces
- $format = "%-15s %-20s %-10s %s\n";
- $out = sprintf($format, '#ZONE', 'INTERFACE', 'BROADCAST', 'OPTIONS');
+ $format = "%-15s %-20s %-10s %-15s %s\n";
+ $out = sprintf($format, '#ZONE', 'INTERFACE', 'BROADCAST', 'OPTIONS', '');
+
+ my $maclist_format = "%-15s %-15s %-15s\n";
+ my $macs = sprintf($maclist_format, '#DISPOSITION', 'INTERFACE', 'MACZONE');
 foreach my $z (sort keys %$zoneinfo) {
 my $zid = $zoneinfo->{$z}->{id};
@@ -162,7 +168,7 @@ sub compile {
 # do nothing;
 } elsif ($zoneinfo->{$z}->{type} eq 'bridge') {
 my $bridge = $zoneinfo->{$z}->{bridge} || die "internal error";
- $out .= sprintf($format, $zid, $bridge, 'detect', 'bridge');
+ $out .= sprintf($format, $zid, $bridge, 'detect', 'bridge', "# $z");
 } elsif ($zoneinfo->{$z}->{type} eq 'bport') {
 my $ifaces = $zoneinfo->{$z}->{ifaces};
@@ -170,7 +176,8 @@ sub compile {
 my $bridge_zone = $zoneinfo->{$z}->{bridge_zone} || die "internal error";
 my $bridge = $zoneinfo->{$bridge_zone}->{bridge} || die "internal error";
 my $iftxt = "$bridge:$iface";
- $out .= sprintf($format, $zid, $iftxt, '', '');
+ $out .= sprintf($format, $zid, $iftxt, '-', 'maclist', "# $z");
+ $macs .= sprintf($maclist_format, 'ACCEPT', $iface, $maclist->{$iface});
 }
 } else {
 die "internal error";
@@ -181,6 +188,9 @@ sub compile {
 PVE::Tools::file_set_contents("$targetdir/interfaces", $out);
+ # dump maclist
+ PVE::Tools::file_set_contents("$targetdir/maclist", $macs);
+
 # dump policy
 $format = "%-15s %-15s %-15s %s\n";
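Review bot: The header written by `my $macs = sprintf($maclist_format, '#DISPOSITION', 'INTERFACE', 'MACZONE');` labels the third column MACZONE, but the rows appended further down put the MAC address itself in that column, so the generated file's own header misdescribes its contents. If the third column is meant to hold the address, as the rows suggest, `my $macs = sprintf($maclist_format, '#DISPOSITION', 'INTERFACE', 'MAC');` is the honest label. The `%-15s` width is also two characters short of a colon-separated MAC, so the column will not line up; `%-20s` for the third field would keep the rows aligned. Both the header and the rows live in compile(), which extends beyond this hunk.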
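Review bot: `$macs .= sprintf($maclist_format, 'ACCEPT', $iface, $maclist->{$iface});` assumes every interface of a bport zone was registered in `$maclist`, but the only population site in this diff is the VM tap loop; an interface that reaches a bport zone by any other path yields an undefined value, an "uninitialized" warning, and an `ACCEPT` row with an empty MAC column in the generated table while the matching interfaces line now turns `maclist` enforcement on. Fail loudly instead, in the style of the two `die "internal error"` lines just above: `my $mac = $maclist->{$iface} || die "internal error: no MAC address recorded for $iface";` and then `$macs .= sprintf($maclist_format, 'ACCEPT', $iface, $mac);`. Whether such non-tap bport interfaces exist cannot be seen from this hunk; the surrounding loop and compile() continue outside it.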