From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Mon, 6 Jul 2015 08:07:49 +0000 (+0200)
Subject: Add ipv6 macros to the macro list
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=21a18e538b81a4c5ef0ac720df54437fff9b9349

Add ipv6 macros to the macro list

Additionally there's now a way to specify ipv6-only or
ipv4-only macros.
---

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index a69583b..37538c3 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -500,6 +500,7 @@ my $pve_fw_macros = {
 
 my $pve_fw_parsed_macros;
 my $pve_fw_macro_descr;
+my $pve_fw_macro_ipversion = {};
 my $pve_fw_preferred_macro_names = {};
 
 my $pve_std_chains = {};
@@ -749,14 +750,32 @@ sub init_firewall_macros {
 
     $pve_fw_parsed_macros = {};
 
-    foreach my $k (keys %$pve_fw_macros) {
+    my $parse = sub {
+	my ($k, $macro) = @_;
 	my $lc_name = lc($k);
-	my $macro = $pve_fw_macros->{$k};
-	if (!ref($macro->[0])) {
-	    $pve_fw_macro_descr->{$k} = shift @$macro;
+	$pve_fw_macro_ipversion->{$k} = 0;
+	while (!ref($macro->[0])) {
+	    my $desc = shift @$macro;
+	    if ($desc eq 'ipv4only') {
+		$pve_fw_macro_ipversion->{$k} = 4;
+	    } elsif ($desc eq 'ipv6only') {
+		$pve_fw_macro_ipversion->{$k} = 6;
+	    } else {
+		$pve_fw_macro_descr->{$k} = $desc;
+	    }
 	}
 	$pve_fw_preferred_macro_names->{$lc_name} = $k;
 	$pve_fw_parsed_macros->{$k} = $macro;
+    };
+
+    foreach my $k (keys %$pve_fw_macros) {
+	&$parse($k, $pve_fw_macros->{$k});
+    }
+
+    foreach my $k (keys %$pve_ipv6fw_macros) {
+	next if $pve_fw_parsed_macros->{$k};
+	&$parse($k, $pve_ipv6fw_macros->{$k});
+	$pve_fw_macro_ipversion->{$k} = 6;
     }
 }
 
@@ -1165,6 +1184,9 @@ my $apply_macro = sub {
 	$macro_rules = $pve_ipv6fw_macros->{$macro_name};
     }
 
+    # skip macros which are specific to another ipversion
+    return if ($ipversion//0) != ($pve_fw_macro_ipversion->{$macro_name}//0);
+
     my $rules = [];
 
     foreach my $templ (@$macro_rules) {