From: Dietmar Maurer Date: Fri, 3 Aug 2012 10:33:20 +0000 (+0200) Subject: generate example zone and interfaces file X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=886aba9c18188f736c28483eeec52add4790f5ee;ds=sidebyside generate example zone and interfaces file
---
diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index f75879e..6565212 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -14,21 +14,81 @@ sub compile { my $netinfo; + my $bridges = {}; + my $zoneinfo = { + fw => { type => 'firewall' }, + }; + foreach my $vmid (keys %{$vmdata->{qemu}}) { $netinfo->{$vmid} = {}; my $conf = $vmdata->{qemu}->{$vmid}; foreach my $opt (keys %$conf) { next if $opt !~ m/^net(\d+)$/; + my $netid = $1; my $net = PVE::QemuServer::parse_net($conf->{$opt}); next if !$net; - $netinfo->{$vmid} = $net; + die "implement me" if !$net->{bridge}; + my $bridge = $net->{bridge}; + $bridges->{$bridge} = 1; + $zoneinfo->{$bridge}->{type} = 'ipv4'; + $zoneinfo->{$bridge}->{ifaces}->{$bridge} = 1; + if (defined($net->{tag})) { + $bridge = $bridge .= "v$net->{tag}"; + $bridges->{$bridge} = 1; + $zoneinfo->{$bridge}->{type} = 'ipv4'; + $zoneinfo->{$bridge}->{ifaces}->{$bridge} = 1; + } + + my $zone = $bridge . ($conf->{zone} || "vm$vmid"); + $net->{zone} = $zone; + $zoneinfo->{$zone}->{type} = 'bport'; + $zoneinfo->{$zone}->{bridge} = $bridge; + $zoneinfo->{$zone}->{ifaces}->{"tap${vmid}i${netid}"} = 1; + $netinfo->{$vmid}->{$netid} = $net; + } + } + + #print Dumper($netinfo); + + # TODO: zone names have length limit, so we need to + # translate them into shorter names + + # dump zone file + + print "DUMP: zones\n"; + my $format = "%-15s %-10s %s\n"; + printf($format, '#ZONE', 'TYPE', 'OPTIONS'); + + foreach my $z (sort keys %$zoneinfo) { + printf($format, $z, $zoneinfo->{$z}->{type}, ''); + } + + print "#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE\n"; + + print "\n"; + print "DUMP: interfaces\n"; + + $format = "%-15s %-20s %-10s %s\n"; + printf($format, '#ZONE', 'INTERFACE', 'BROADCAST', 'OPTIONS'); + foreach my $z (sort keys %$zoneinfo) { + my $ifaces = $zoneinfo->{$z}->{ifaces}; + foreach my $iface (sort keys %$ifaces) { + my $broadcast = $zoneinfo->{$z}->{type} eq 'ipv4' ? 'detect' : ''; + my $options = $bridges->{$iface} ? 'bridge' : ''; + my $bridge = $zoneinfo->{$z}->{bridge} || ''; + my $iftxt = $zoneinfo->{$z}->{bridge} ? 
"$zoneinfo->{$z}->{bridge}:$iface" : $iface; + printf($format, $z, $iftxt, $broadcast, $options); } } - print Dumper($netinfo); + print "#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE\n"; + + print "\n"; + } + sub activate { } diff --git a/fwtest.pl b/fwtest.pl index 4e3a637..f04b67e 100755 --- a/fwtest.pl +++ b/fwtest.pl @@ -12,6 +12,15 @@ my $vmdata = { 101 => { net0 => 'rtl8139=0E:9D:ED:CC:9B:ED,bridge=vmbr0', }, + 102 => { + zone => 'z1', + net0 => 'rtl8139=0E:9D:ED:CC:AA:ED,bridge=vmbr0', + }, + 103 => { + zone => 'z1', + net0 => 'rtl8139=0E:9D:ED:CC:BC:ED,bridge=vmbr0', + net1 => 'rtl8139=0E:9D:ED:CC:BC:AA,tag=5,bridge=vmbr0', + }, }, };
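Review bot: `$conf->{zone}` is concatenated unvalidated into the zone name in `my $zone = $bridge . ($conf->{zone} || "vm$vmid");` and then printed into the zones and interfaces tables, so a value containing whitespace or a newline would add columns or whole lines to the generated firewall files. Because bridge and zone are joined without a separator, a zone value of `v5` on `vmbr0` also yields the key `vmbr0v5`, the same `$zoneinfo` entry the VLAN branch creates, leaving that entry's type (`ipv4` or `bport`) dependent on processing order. Where the zone value originates is not visible in this hunk; if it comes from an editable VM config, reject anything outside a strict pattern before use, e.g. `die "invalid zone name for VM $vmid\n" if defined($conf->{zone}) && $conf->{zone} !~ m/^[a-z][a-z0-9]*$/i;`, and join the two parts with a separator the validated parts cannot contain. In the same loop, `$bridge = $bridge .= "v$net->{tag}";` assigns twice; `$bridge .= "v$net->{tag}";` is sufficient. The body of `compile` begins above this hunk.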