From: Dietmar Maurer <dietmar@proxmox.com>
Date: Fri, 21 Feb 2014 09:39:13 +0000 (+0100)
Subject: implement simple option parser
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=85c6eaed064ef404a2c290388ed5b94582792348

implement simple option parser
---

diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index aaba7f9..09703b0 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -908,10 +908,29 @@ sub parse_fw_rule {
     return $rules;
 }
 
+sub parse_fw_option {
+    my ($line) = @_;
+
+    my ($opt, $value);
+
+    if ($line =~ m/^enable:\s*(0|1)\s*$/i) {
+	$opt = 'enable';
+	$value = int($1);
+    } elsif ($line =~ m/^(policy-(in|out)):\s*(ACCEPT|DROP|REJECT)\s*$/i) {
+	$opt = lc($1);
+	$value = uc($3);
+     } else {
+	chomp $line;
+	die "can't parse option '$line'\n"
+    }
+
+    return ($opt, $value);
+}
+
 sub parse_vm_fw_rules {
     my ($filename, $fh) = @_;
 
-    my $res = { in => [], out => [] };
+    my $res = { in => [], out => [], options => {}};
 
     my $section;
 
@@ -922,8 +941,9 @@ sub parse_vm_fw_rules {
 	my $linenr = $fh->input_line_number();
 	my $prefix = "$filename (line $linenr)";
 
-	if ($line =~ m/^\[(in|out)\]\s*$/i) {
+	if ($line =~ m/^\[(\S+)\]\s*$/i) {
 	    $section = lc($1);
+	    warn "$prefix: ignore unknown section '$section'\n" if !$res->{$section};
 	    next;
 	}
 	if (!$section) {
@@ -931,6 +951,17 @@ sub parse_vm_fw_rules {
 	    next;
 	}
 
+	next if !$res->{$section}; # skip undefined section
+
+	if ($section eq 'options') {
+	    eval { 
+		my ($opt, $value) = parse_fw_option($line); 
+		$res->{options}->{$opt} = $value;
+	    };
+	    warn "$prefix: $@" if $@;
+	    next;
+	}
+
 	my $rules;
 	eval { $rules = parse_fw_rule($line, 1, 1); };
 	if (my $err = $@) {