by default we enable rules for all the vm net interfaces
./pvefw disablevmfw -vmid 110 [-netid net0]
./pvefw enablevmfw -vmid 110 [-netid net0]
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
if($direction eq 'OUT'){
my $rule = "proxmoxfw-INPUT -m physdev --physdev-$physdevdirection $iface -j $tapchain";
if($direction eq 'OUT'){
my $rule = "proxmoxfw-INPUT -m physdev --physdev-$physdevdirection $iface -j $tapchain";
-
- if(!iptables_rule_exist($rule)){
+ if(iptables_rule_exist($rule)){
iptables_addrule("-D $rule");
}
}
iptables_addrule("-D $rule");
}
}
$rpcenv->set_user('root@pam');
__PACKAGE__->register_method({
$rpcenv->set_user('root@pam');
__PACKAGE__->register_method({
- name => 'enabletaprules',
- path => 'enabletaprules',
+ name => 'enablevmfw',
+ path => 'enablevmfw',
method => 'POST',
parameters => {
additionalProperties => 0,
method => 'POST',
parameters => {
additionalProperties => 0,
vmid => get_standard_option('pve-vmid'),
netid => {
type => 'string',
vmid => get_standard_option('pve-vmid'),
netid => {
type => 'string',
},
},
returns => { type => 'null' },
},
},
returns => { type => 'null' },
my $netid = $param->{netid};
my $conf = PVE::QemuServer::load_config($vmid);
my $netid = $param->{netid};
my $conf = PVE::QemuServer::load_config($vmid);
- my $net = PVE::QemuServer::parse_net($conf->{$netid});
- PVE::Firewall::generate_tap_rules($net, $netid, $vmid);
+ foreach my $opt (keys %$conf) {
+ next if $opt !~ m/^net(\d+)$/;
+ my $net = PVE::QemuServer::parse_net($conf->{$opt});
+ next if !$net;
+ next if $netid && $opt != $netid;
+ PVE::Firewall::generate_tap_rules($net, $opt, $vmid);
+ }
return undef;
}});
__PACKAGE__->register_method({
return undef;
}});
__PACKAGE__->register_method({
- name => 'disabletaprules',
- path => 'disabletaprules',
+ name => 'disablevmfw',
+ path => 'disablevmfw',
method => 'POST',
parameters => {
additionalProperties => 0,
method => 'POST',
parameters => {
additionalProperties => 0,
vmid => get_standard_option('pve-vmid'),
netid => {
type => 'string',
vmid => get_standard_option('pve-vmid'),
netid => {
type => 'string',
my $netid = $param->{netid};
my $conf = PVE::QemuServer::load_config($vmid);
my $netid = $param->{netid};
my $conf = PVE::QemuServer::load_config($vmid);
- my $net = PVE::QemuServer::parse_net($conf->{$netid});
- PVE::Firewall::flush_tap_rules($net, $netid, $vmid);
+ foreach my $opt (keys %$conf) {
+ next if $opt !~ m/^net(\d+)$/;
+ my $net = PVE::QemuServer::parse_net($conf->{$opt});
+ next if !$net;
+ next if $netid && $opt != $netid;
+ PVE::Firewall::flush_tap_rules($net, $opt, $vmid);
+ }
restart => [ __PACKAGE__, 'restart', []],
stop => [ __PACKAGE__, 'stop', []],
clear => [ __PACKAGE__, 'clear', []],
restart => [ __PACKAGE__, 'restart', []],
stop => [ __PACKAGE__, 'stop', []],
clear => [ __PACKAGE__, 'clear', []],
- enabletaprules => [ __PACKAGE__, 'enabletaprules', []],
- disabletaprules => [ __PACKAGE__, 'disabletaprules', []],
+ enablevmfw => [ __PACKAGE__, 'enablevmfw', []],
+ disablevmfw => [ __PACKAGE__, 'disablevmfw', []],
enablehostfw => [ __PACKAGE__, 'enablehostfw', []],
disablehostfw => [ __PACKAGE__, 'disablehostfw', []],
};
enablehostfw => [ __PACKAGE__, 'enablehostfw', []],
disablehostfw => [ __PACKAGE__, 'disablehostfw', []],
};
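Review bot: The filter `next if $netid && $opt != $netid;` in the new enablevmfw loop compares interface names numerically, so `net0` and `net1` both numify to 0 and the test never skips anything; the disablevmfw loop has the same line. As a result `-netid net0` still generates or flushes tap rules for every interface of the VM, and for disablevmfw that removes filtering from NICs the operator did not name. Use a string comparison in both loops: `next if $netid && $opt ne $netid;`. Once the filter works, a netid that matches no configured interface would do nothing and still return null, so consider `die "no such network interface '$netid'\n" if $netid && !$conf->{$netid};` before each loop. Both method bodies start outside the visible hunks, and the `netid` schema is cut off, so an existing pattern check there cannot be confirmed from this page.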