From: Dietmar Maurer
Date: Tue, 20 May 2014 05:52:46 +0000 (+0200)
Subject: do not enable VM firewall by default
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=03940656731dcba00612dedbd21655a5b4767c1c
do not enable VM firewall by default
Else we get different behavior with empty vs. non-existinf .fw
---
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index b477bc7..3affb2a 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2665,7 +2665,7 @@ sub compile {
 my $conf = $vmdata->{qemu}->{$vmid};
 my $vmfw_conf = $vmfw_configs->{$vmid};
 next if !$vmfw_conf;
- next if defined($vmfw_conf->{options}->{enable}) && ($vmfw_conf->{options}->{enable} == 0);
+ next if !$vmfw_conf->{options}->{enable};
 foreach my $netid (keys %$conf) {
 next if $netid !~ m/^net(\d+)$/;
@@ -2687,7 +2687,7 @@ sub compile {
 my $vmfw_conf = $vmfw_configs->{$vmid};
 next if !$vmfw_conf;
- next if defined($vmfw_conf->{options}->{enable}) && ($vmfw_conf->{options}->{enable} == 0);
+ next if !$vmfw_conf->{options}->{enable};
 if ($conf->{ip_address} && $conf->{ip_address}->{value}) {
 my $ip = $conf->{ip_address}->{value};
diff --git a/test/test-default-rules1/101.fw b/test/test-default-rules1/101.fw
index 5c9000d..1a2b222 100644
--- a/test/test-default-rules1/101.fw
+++ b/test/test-default-rules1/101.fw
@@ -1 +1,3 @@
-# empty file (enables firewall)
\ No newline at end of file
+[OPTIONS]
+
+enable: 1
diff --git a/test/test-default-rules1/201.fw b/test/test-default-rules1/201.fw
index 5c9000d..1a2b222 100644
--- a/test/test-default-rules1/201.fw
+++ b/test/test-default-rules1/201.fw
@@ -1 +1,3 @@
-# empty file (enables firewall)
\ No newline at end of file
+[OPTIONS]
+
+enable: 1
diff --git a/test/test-group1/100.fw b/test/test-group1/100.fw
index 7ab0e23..b6d279f 100644
--- a/test/test-group1/100.fw
+++ b/test/test-group1/100.fw
@@ -1,3 +1,7 @@
+[OPTIONS]
+
+enable: 1
+
 [RULES]
 IN ACCEPT -source 192.168.2.1 -p tcp -dport 22
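Review bot: In src/PVE/Firewall.pm the new `next if !$vmfw_conf->{options}->{enable};` (hunk at 2665, and identically in the hunk at 2687) makes the per-VM firewall opt-in, so a guest whose .fw file has rules but no `enable` option is now skipped without any message. The fixture change in test/test-group1/100.fw, which had only a [RULES] section and needed `enable: 1` added, shows that such files exist; on an upgraded host their rules would presumably stop being applied. I would state the default next to the check, e.g. `# firewall is opt-in per VM: a missing or false 'enable' option means no rules are generated`, and consider logging a warning when a skipped config still contains rules, so the admin can see that filtering is off. Both loops sit inside compile, whose body starts and ends outside these hunks.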
diff --git a/test/test-group1/200.fw b/test/test-group1/200.fw
index 6653c44..0353856 100644
--- a/test/test-group1/200.fw
+++ b/test/test-group1/200.fw
@@ -1,3 +1,7 @@
+[OPTIONS]
+
+enable: 1
+
 [RULES]
 IN ACCEPT -source 192.168.2.1 -p tcp -dport 22
diff --git a/test/test-unconfigured/101.fw b/test/test-unconfigured/101.fw
index 5c9000d..1a2b222 100644
--- a/test/test-unconfigured/101.fw
+++ b/test/test-unconfigured/101.fw
@@ -1 +1,3 @@
-# empty file (enables firewall)
\ No newline at end of file
+[OPTIONS]
+
+enable: 1
diff --git a/test/test-unconfigured/201.fw b/test/test-unconfigured/201.fw
index 5c9000d..1a2b222 100644
--- a/test/test-unconfigured/201.fw
+++ b/test/test-unconfigured/201.fw
@@ -1 +1,3 @@
-# empty file (enables firewall)
\ No newline at end of file
+[OPTIONS]
+
+enable: 1