]> git.proxmox.com Git - pve-firewall.git/commitdiff
projects / pve-firewall.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 318d0f9)
do not enable VM firewall by default
authorDietmar Maurer <dietmar@proxmox.com>
Tue, 20 May 2014 05:52:46 +0000 (07:52 +0200)
committerDietmar Maurer <dietmar@proxmox.com>
Tue, 20 May 2014 05:52:46 +0000 (07:52 +0200)
Else we get different behavior with empty vs. non-existinf <VMID>.fw

src/PVE/Firewall.pm patch | blob | blame | history
test/test-default-rules1/101.fw patch | blob | blame | history
test/test-default-rules1/201.fw patch | blob | blame | history
test/test-group1/100.fw patch | blob | blame | history
test/test-group1/200.fw patch | blob | blame | history
test/test-unconfigured/101.fw patch | blob | blame | history
test/test-unconfigured/201.fw patch | blob | blame | history

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index b477bc7e31167327da0d58de6d437f1a943f368a..3affb2adfc80de2bad385982a44436b595473fdf 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2665,7 +2665,7 @@ sub compile {
        my $conf = $vmdata->{qemu}->{$vmid};
        my $vmfw_conf = $vmfw_configs->{$vmid};
        next if !$vmfw_conf;
        my $conf = $vmdata->{qemu}->{$vmid};
        my $vmfw_conf = $vmfw_configs->{$vmid};
        next if !$vmfw_conf;
-       next if defined($vmfw_conf->{options}->{enable}) && ($vmfw_conf->{options}->{enable} == 0);
+       next if !$vmfw_conf->{options}->{enable};
 
        foreach my $netid (keys %$conf) {
            next if $netid !~ m/^net(\d+)$/;
 
        foreach my $netid (keys %$conf) {
            next if $netid !~ m/^net(\d+)$/;
@@ -2687,7 +2687,7 @@ sub compile {
 
        my $vmfw_conf = $vmfw_configs->{$vmid};
        next if !$vmfw_conf;
 
        my $vmfw_conf = $vmfw_configs->{$vmid};
        next if !$vmfw_conf;
-       next if defined($vmfw_conf->{options}->{enable}) && ($vmfw_conf->{options}->{enable} == 0);
+       next if !$vmfw_conf->{options}->{enable};
 
        if ($conf->{ip_address} && $conf->{ip_address}->{value}) {
            my $ip = $conf->{ip_address}->{value};
 
        if ($conf->{ip_address} && $conf->{ip_address}->{value}) {
            my $ip = $conf->{ip_address}->{value};
diff --git a/test/test-default-rules1/101.fw b/test/test-default-rules1/101.fw
index 5c9000d2ac1a1c7df52897b9da8bd8c974eeacff..1a2b2226dced23b5121662aa895547e65c090d46 100644 (file)
--- a/test/test-default-rules1/101.fw
+++ b/test/test-default-rules1/101.fw
@@ -1 +1,3 @@
-# empty file (enables firewall)
\ No newline at end of file
+[OPTIONS]
+
+enable: 1
diff --git a/test/test-default-rules1/201.fw b/test/test-default-rules1/201.fw
index 5c9000d2ac1a1c7df52897b9da8bd8c974eeacff..1a2b2226dced23b5121662aa895547e65c090d46 100644 (file)
--- a/test/test-default-rules1/201.fw
+++ b/test/test-default-rules1/201.fw
@@ -1 +1,3 @@
-# empty file (enables firewall)
\ No newline at end of file
+[OPTIONS]
+
+enable: 1
diff --git a/test/test-group1/100.fw b/test/test-group1/100.fw
index 7ab0e23b2a7a3aecdf9fe1ddfb27a2b0621d76f5..b6d279f4506903e8954475a524a9d6e44cc09988 100644 (file)
--- a/test/test-group1/100.fw
+++ b/test/test-group1/100.fw
@@ -1,3 +1,7 @@
+[OPTIONS]
+
+enable: 1
+
 [RULES]
 
 IN ACCEPT -source 192.168.2.1 -p tcp -dport 22 
 [RULES]
 
 IN ACCEPT -source 192.168.2.1 -p tcp -dport 22 
diff --git a/test/test-group1/200.fw b/test/test-group1/200.fw
index 6653c44a49c447d5cad995ed39c9597b1e1139dd..0353856a9a454580cf30eb7753af6fe6ad617e2e 100644 (file)
--- a/test/test-group1/200.fw
+++ b/test/test-group1/200.fw
@@ -1,3 +1,7 @@
+[OPTIONS]
+
+enable: 1
+
 [RULES]
 
 IN ACCEPT -source 192.168.2.1 -p tcp -dport 22 
 [RULES]
 
 IN ACCEPT -source 192.168.2.1 -p tcp -dport 22 
diff --git a/test/test-unconfigured/101.fw b/test/test-unconfigured/101.fw
index 5c9000d2ac1a1c7df52897b9da8bd8c974eeacff..1a2b2226dced23b5121662aa895547e65c090d46 100644 (file)
--- a/test/test-unconfigured/101.fw
+++ b/test/test-unconfigured/101.fw
@@ -1 +1,3 @@
-# empty file (enables firewall)
\ No newline at end of file
+[OPTIONS]
+
+enable: 1
diff --git a/test/test-unconfigured/201.fw b/test/test-unconfigured/201.fw
index 5c9000d2ac1a1c7df52897b9da8bd8c974eeacff..1a2b2226dced23b5121662aa895547e65c090d46 100644 (file)
--- a/test/test-unconfigured/201.fw
+++ b/test/test-unconfigured/201.fw
@@ -1 +1,3 @@
-# empty file (enables firewall)
\ No newline at end of file
+[OPTIONS]
+
+enable: 1
Firewall test scripts