X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=PVE%2FFirewall.pm;h=d36dae9e4fa83f696bff1d4d0047aad741caea9e;hp=e6de3fdc6d1f41e4f0e813d965b1d50d17df7d6b;hb=fa9c4a6f5fe43d9cefc118edce279451261b24f2;hpb=e0809a95feca2f714f6e008dec7e2e7355ff6cf7
diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index e6de3fd..d36dae9 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -657,7 +657,10 @@ sub generate_bridge_chains {
 }
 sub generate_tap_rules_direction {
- my ($ruleset, $group_rules, $iface, $netid, $macaddr, $rules, $bridge, $direction) = @_;
+ my ($ruleset, $group_rules, $iface, $netid, $macaddr, $vmfw_conf, $bridge, $direction) = @_;
+
+ my $rules = $vmfw_conf->{lc($direction)};
+ my $options = $vmfw_conf->{options};
 my $tapchain = "$iface-$direction";
@@ -1128,10 +1131,9 @@ sub compile {
 # generate firewall rules for QEMU VMs
 foreach my $vmid (keys %{$vmdata->{qemu}}) {
 my $conf = $vmdata->{qemu}->{$vmid};
-
- next if !$rules->{$vmid};
- my $options = $rules->{$vmid}->{options};
- next if defined($options->{enable}) && ($options->{enable} == 0);
+ my $vmfw_conf = $rules->{$vmid};
+ next if !$vmfw_conf;
+ next if defined($vmfw_conf->{options}->{enable}) && ($vmfw_conf->{options}->{enable} == 0);
 foreach my $netid (keys %$conf) {
 next if $netid !~ m/^net(\d+)$/;
@@ -1148,8 +1150,8 @@ sub compile {
 generate_bridge_chains($ruleset, $bridge);
 my $macaddr = $net->{macaddr};
- generate_tap_rules_direction($ruleset, $group_rules, $iface, $netid, $macaddr, $rules->{$vmid}->{in}, $bridge, 'IN');
- generate_tap_rules_direction($ruleset, $group_rules, $iface, $netid, $macaddr, $rules->{$vmid}->{out}, $bridge, 'OUT');
+ generate_tap_rules_direction($ruleset, $group_rules, $iface, $netid, $macaddr, $vmfw_conf, $bridge, 'IN');
+ generate_tap_rules_direction($ruleset, $group_rules, $iface, $netid, $macaddr, $vmfw_conf, $bridge, 'OUT');
 }
 }
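Review bot: The lookup `my $rules = $vmfw_conf->{lc($direction)};` in generate_tap_rules_direction returns undef without complaint for any `$direction` whose lowercase form is not a key of the VM config, so a mistyped direction at a call site would presumably leave the rest of the function (outside this hunk) working from an empty rule list instead of raising an error. Both callers visible in this commit pass 'IN' and 'OUT', so this is latent, but a guard before the lookup such as `die "unknown direction '$direction'\n" if $direction !~ m/^(IN|OUT)$/;` would make the rule generator fail loudly rather than quietly emit a chain without the guest's rules. `$options` is assigned but not used in the visible lines; a one-line comment naming the option it is fetched for would help, for example `# per-VM options, consulted when building the tap chain`.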
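Review bot: The disable test `($vmfw_conf->{options}->{enable} == 0)` in compile is a numeric comparison, so any non-numeric string stored under `enable` numifies to 0 and the guest is skipped, which means no tap rules are generated for it. Whether the option parser restricts `enable` to 0 or 1 is not visible in this diff, and the check is carried over unchanged in meaning from the removed lines; if the parser does not restrict it, a malformed setting turns filtering off for that VM instead of being rejected. A comment stating the assumption would help, for example `# enable is validated to 0|1 when the VM firewall config is parsed`, or else the test could match the literal value, `$vmfw_conf->{options}->{enable} =~ m/^0$/`. Unlike the removed lines, the nested lookup also autovivifies `$vmfw_conf->{options}` when the key is absent, which `my $options = $vmfw_conf->{options} || {};` would avoid.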