From: Dietmar Maurer
Date: Tue, 25 Feb 2014 10:54:38 +0000 (+0100)
Subject: implement 'enable' option
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=fa9c4a6f5fe43d9cefc118edce279451261b24f2;hp=e0809a95feca2f714f6e008dec7e2e7355ff6cf7

implement 'enable' option

And pass whole VM firewall config to generate_tap_rules_direction. That way we have acces to {options} section.
---
diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index e6de3fd..d36dae9 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -657,7 +657,10 @@ sub generate_bridge_chains {
 }
 sub generate_tap_rules_direction {
- my ($ruleset, $group_rules, $iface, $netid, $macaddr, $rules, $bridge, $direction) = @_;
+ my ($ruleset, $group_rules, $iface, $netid, $macaddr, $vmfw_conf, $bridge, $direction) = @_;
+
+ my $rules = $vmfw_conf->{lc($direction)};
+ my $options = $vmfw_conf->{options};
 my $tapchain = "$iface-$direction";
@@ -1128,10 +1131,9 @@ sub compile {
 # generate firewall rules for QEMU VMs
 foreach my $vmid (keys %{$vmdata->{qemu}}) {
 my $conf = $vmdata->{qemu}->{$vmid};
-
- next if !$rules->{$vmid};
- my $options = $rules->{$vmid}->{options};
- next if defined($options->{enable}) && ($options->{enable} == 0);
+ my $vmfw_conf = $rules->{$vmid};
+ next if !$vmfw_conf;
+ next if defined($vmfw_conf->{options}->{enable}) && ($vmfw_conf->{options}->{enable} == 0);
 foreach my $netid (keys %$conf) {
 next if $netid !~ m/^net(\d+)$/;
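Review bot: `$vmfw_conf->{lc($direction)}` ties the rule lookup to the spelling of the chain suffix, so any `$direction` other than 'IN' or 'OUT' leaves `$rules` undefined without an error, and presumably the tap chain is then built with none of the VM's rules. The two call sites in the last hunk pass only those literals, but in firewall code a guard right after the argument unpacking makes the assumption explicit: `die "unknown direction '$direction'\n" if $direction !~ m/^(IN|OUT)$/;`. A one-line comment that `$vmfw_conf` is the VM's whole firewall config with `in`, `out` and `options` keys would help the next reader, as would a note on how `$options` is consumed, since no use of it is visible in this hunk. The body of generate_tap_rules_direction continues outside the hunk.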
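Review bot: The rewritten test `defined($vmfw_conf->{options}->{enable})` dereferences through `{options}` on the config hash itself, so for a VM whose config has no options section Perl autovivifies an empty `{options}` hash inside `$rules->{$vmid}`; the removed code read through a local `$options` and did not modify the config. Keeping the local avoids that side effect: `my $options = $vmfw_conf->{options} || {};` followed by `next if defined($options->{enable}) && ($options->{enable} == 0);`. Separately, `== 0` is a numeric comparison on a config-derived value, so a non-numeric setting such as `no` numifies to 0 and takes the `next`; if the options parser (not visible in this diff) does not already restrict `enable` to 0 or 1, it should be validated there. Because a skipped VM appears to get no tap rules generated at all, a comment such as `# enable: 0 skips the VM entirely - no tap chains are generated for it` would make the consequence explicit. The body of compile continues outside the hunk.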
@@ -1148,8 +1150,8 @@ sub compile {
 generate_bridge_chains($ruleset, $bridge);
 my $macaddr = $net->{macaddr};
- generate_tap_rules_direction($ruleset, $group_rules, $iface, $netid, $macaddr, $rules->{$vmid}->{in}, $bridge, 'IN');
- generate_tap_rules_direction($ruleset, $group_rules, $iface, $netid, $macaddr, $rules->{$vmid}->{out}, $bridge, 'OUT');
+ generate_tap_rules_direction($ruleset, $group_rules, $iface, $netid, $macaddr, $vmfw_conf, $bridge, 'IN');
+ generate_tap_rules_direction($ruleset, $group_rules, $iface, $netid, $macaddr, $vmfw_conf, $bridge, 'OUT');
 }
 }