rename ./pvefw enabletaprules -> ./pvefw enablevmfw

by default we enable rules for all the vm net interfaces

./pvefw disablevmfw -vmid 110 [-netid net0]
./pvefw enablevmfw -vmid 110 [-netid net0]

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>

diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index de25b045bd897b5ad9892180aa820b46c76b61b8..5396bcdd2b9eefaadfb6c0dae93b375323c5f7c3 100644 (file)
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -337,8 +337,7 @@ sub flush_tap_rules_direction {
 
        if($direction eq 'OUT'){
            my $rule = "proxmoxfw-INPUT -m physdev --physdev-$physdevdirection $iface -j $tapchain";
-
-           if(!iptables_rule_exist($rule)){
+           if(iptables_rule_exist($rule)){
                iptables_addrule("-D $rule");
            }
        }

diff --git a/pvefw b/pvefw
index 25c4f8a8b0b8e80a65d759673343414877296de0..2d4d4503481824e6c1103d9c560771f04705386e 100755 (executable)
--- a/pvefw
+++ b/pvefw
@@ -30,8 +30,8 @@ $rpcenv->set_language($ENV{LANG});
 $rpcenv->set_user('root@pam');
 
 __PACKAGE__->register_method({
-    name => 'enabletaprules',
-    path => 'enabletaprules',
+    name => 'enablevmfw',
+    path => 'enablevmfw',
     method => 'POST',
     parameters => {
         additionalProperties => 0,
@@ -39,8 +39,8 @@ __PACKAGE__->register_method({
             vmid => get_standard_option('pve-vmid'),
             netid => {
                 type => 'string',
+               optional => 1
             },
-
         },
     },
     returns => { type => 'null' },
@@ -52,16 +52,21 @@ __PACKAGE__->register_method({
         my $netid = $param->{netid};
 
        my $conf = PVE::QemuServer::load_config($vmid);
-       my $net = PVE::QemuServer::parse_net($conf->{$netid});
 
-       PVE::Firewall::generate_tap_rules($net, $netid, $vmid);
+       foreach my $opt (keys %$conf) {
+            next if $opt !~ m/^net(\d+)$/;
+            my $net = PVE::QemuServer::parse_net($conf->{$opt});
+            next if !$net;
+           next if $netid && $opt != $netid;
+           PVE::Firewall::generate_tap_rules($net, $opt, $vmid);
+       }
 
         return undef;
     }});
 
 __PACKAGE__->register_method({
-    name => 'disabletaprules',
-    path => 'disabletaprules',
+    name => 'disablevmfw',
+    path => 'disablevmfw',
     method => 'POST',
     parameters => {
         additionalProperties => 0,
@@ -69,6 +74,7 @@ __PACKAGE__->register_method({
             vmid => get_standard_option('pve-vmid'),
             netid => {
                 type => 'string',
+               optional => 1
             },
 
         },
@@ -82,9 +88,14 @@ __PACKAGE__->register_method({
         my $netid = $param->{netid};
 
        my $conf = PVE::QemuServer::load_config($vmid);
-       my $net = PVE::QemuServer::parse_net($conf->{$netid});
 
-       PVE::Firewall::flush_tap_rules($net, $netid, $vmid);
+       foreach my $opt (keys %$conf) {
+            next if $opt !~ m/^net(\d+)$/;
+            my $net = PVE::QemuServer::parse_net($conf->{$opt});
+            next if !$net;
+           next if $netid && $opt != $netid;
+           PVE::Firewall::flush_tap_rules($net, $opt, $vmid);
+       }
 
         return undef;
     }});
@@ -228,8 +239,8 @@ my $cmddef = {
     restart => [ __PACKAGE__, 'restart', []],
     stop => [ __PACKAGE__, 'stop', []],
     clear => [ __PACKAGE__, 'clear', []],
-    enabletaprules => [ __PACKAGE__, 'enabletaprules', []],
-    disabletaprules => [ __PACKAGE__, 'disabletaprules', []],
+    enablevmfw => [ __PACKAGE__, 'enablevmfw', []],
+    disablevmfw => [ __PACKAGE__, 'disablevmfw', []],
     enablehostfw => [ __PACKAGE__, 'enablehostfw', []],
     disablehostfw => [ __PACKAGE__, 'disablehostfw', []],
 };