From c518c6a893944d57915496d7a0a4a5cbef4f90f7 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller
Date: Tue, 16 Feb 2016 12:18:55 +0100
Subject: [PATCH] Add ipv6 macros to the macro list
Additionally there's now a way to specify ipv6-only or ipv4-only macros.
---
 src/PVE/Firewall.pm | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index a39cf6d..3057d21 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -506,6 +506,7 @@ my $pve_fw_macros = {
 my $pve_fw_parsed_macros;
 my $pve_fw_macro_descr;
+my $pve_fw_macro_ipversion = {};
 my $pve_fw_preferred_macro_names = {};
 my $pve_std_chains = {};
@@ -755,14 +756,32 @@ sub init_firewall_macros {
 $pve_fw_parsed_macros = {};
- foreach my $k (keys %$pve_fw_macros) {
+ my $parse = sub {
+ my ($k, $macro) = @_;
 my $lc_name = lc($k);
- my $macro = $pve_fw_macros->{$k};
- if (!ref($macro->[0])) {
- $pve_fw_macro_descr->{$k} = shift @$macro;
+ $pve_fw_macro_ipversion->{$k} = 0;
+ while (!ref($macro->[0])) {
+ my $desc = shift @$macro;
+ if ($desc eq 'ipv4only') {
+ $pve_fw_macro_ipversion->{$k} = 4;
+ } elsif ($desc eq 'ipv6only') {
+ $pve_fw_macro_ipversion->{$k} = 6;
+ } else {
+ $pve_fw_macro_descr->{$k} = $desc;
+ }
 }
 $pve_fw_preferred_macro_names->{$lc_name} = $k;
 $pve_fw_parsed_macros->{$k} = $macro;
+ };
+
+ foreach my $k (keys %$pve_fw_macros) {
+ &$parse($k, $pve_fw_macros->{$k});
+ }
+
+ foreach my $k (keys %$pve_ipv6fw_macros) {
+ next if $pve_fw_parsed_macros->{$k};
+ &$parse($k, $pve_ipv6fw_macros->{$k});
+ $pve_fw_macro_ipversion->{$k} = 6;
 }
 }
@@ -1170,6 +1189,9 @@ my $apply_macro = sub {
 $macro_rules = $pve_ipv6fw_macros->{$macro_name};
 }
+ # skip macros which are specific to another ipversion
+ return if ($ipversion//0) != ($pve_fw_macro_ipversion->{$macro_name}//0);
+
 my $rules = [];
 foreach my $templ (@$macro_rules) {
-- 2.39.2
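Review bot: The `while (!ref($macro->[0]))` loop in the new `$parse` closure has no end-of-array guard: once the array is empty `$macro->[0]` is undef, `ref` returns an empty string, and the loop keeps shifting undef forever, so a macro entry that is empty or holds only strings hangs initialisation where the old `if` could not. Bounding it with `while (@$macro && !ref($macro->[0])) {` keeps the multi-tag parsing and still terminates. The loop also removes the `ipv4only`/`ipv6only` tags from the shared table with `shift` while `$pve_fw_macro_ipversion->{$k} = 0;` runs on every parse, so if init_firewall_macros can run more than once per process (not visible here) a second pass would silently lose the restriction; `$pve_fw_macro_ipversion->{$k} //= 0;` would avoid that. The opening line of init_firewall_macros appears only in the hunk header.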
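Review bot: The added guard `return if ($ipversion//0) != ($pve_fw_macro_ipversion->{$macro_name}//0);` in $apply_macro tests for inequality, so it also fires when only one side carries a restriction: init_firewall_macros records 0 for every untagged macro, so any call with `$ipversion` set to 4 or 6 returns early for macros meant to apply to both address families. Assuming the caller treats the empty return as "nothing to emit" (not visible in this hunk), that is a silent rule omission with no error: an ACCEPT rule disappears, or a DROP/REJECT rule the administrator wrote is never installed. The skip should apply only when both values are set and differ, e.g. `my $required = $pve_fw_macro_ipversion->{$macro_name};` followed by `return if $ipversion && $required && $ipversion != $required;`. A one-line comment stating that 0 or undef means "no restriction" would document the contract. $apply_macro starts before this hunk and continues after it.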