From: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Date: Wed, 7 Aug 2019 07:25:36 +0000 (+0200)
Subject: skip tap rule generation if vmfw is disabled
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=bd60a824555eec55e08909ca189d49962761c93b

skip tap rule generation if vmfw is disabled

like for containers, and adapt code style to be identical.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 0e15090..ff494d6 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -3592,7 +3592,7 @@ sub compile_iptables_filter {
 	eval {
 	    my $conf = $vmdata->{qemu}->{$vmid};
 	    my $vmfw_conf = $vmfw_configs->{$vmid};
-	    return if !$vmfw_conf;
+	    return if !$vmfw_conf || !$vmfw_conf->{options}->{enable};
 
 	    foreach my $netid (sort keys %$conf) {
 		next if $netid !~ m/^net(\d+)$/;
@@ -3615,9 +3615,7 @@ sub compile_iptables_filter {
         eval {
             my $conf = $vmdata->{lxc}->{$vmid};
             my $vmfw_conf = $vmfw_configs->{$vmid};
-            return if !$vmfw_conf;
-
-            if ($vmfw_conf->{options}->{enable}) {
+	     return if !$vmfw_conf || !$vmfw_conf->{options}->{enable};
 		foreach my $netid (sort keys %$conf) {
                     next if $netid !~ m/^net(\d+)$/;
                     my $net = PVE::LXC::Config->parse_lxc_network($conf->{$netid});
@@ -3628,7 +3626,6 @@ sub compile_iptables_filter {
                                                  $vmfw_conf, $vmid, 'IN', $ipversion);
                     generate_tap_rules_direction($ruleset, $cluster_conf, $iface, $netid, $macaddr,
                                                  $vmfw_conf, $vmid, 'OUT', $ipversion);
-		}
             }
         };
         warn $@ if $@; # just to be sure - should not happen