this allow to disable firewall for a specific interface
Signed-off-by: Alexandre Derumier <[email protected]>
---
PVE/API2/Qemu.pm | 6 +++---
PVE/QemuServer.pm | 5 ++++-
pve-bridge | 2 +-
3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index e01b2e9..e7d49d9 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -838,9 +838,9 @@ my $vmconfig_update_net = sub {
PVE::Network::tap_rate_limit($iface, $newnet->{rate});
}
- if(($newnet->{bridge} ne $oldnet->{bridge}) || ($newnet->{tag}
ne $oldnet->{tag})){
- eval{PVE::Network::tap_unplug($iface, $oldnet->{bridge},
$oldnet->{tag});};
- PVE::Network::tap_plug($iface, $newnet->{bridge},
$newnet->{tag});
+ if(($newnet->{bridge} ne $oldnet->{bridge}) || ($newnet->{tag}
ne $oldnet->{tag}) || ($newnet->{firewall} ne $oldnet->{firewall})){
+ eval{PVE::Network::tap_unplug($iface, $oldnet->{bridge},
$oldnet->{tag}, $oldnet->{firewall});};
+ PVE::Network::tap_plug($iface, $newnet->{bridge},
$newnet->{tag}, $newnet->{firewall});
}
}else{
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 43b02ee..5489751 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -478,7 +478,7 @@ my $nic_model_list_txt = join(' ', sort @$nic_model_list);
my $netdesc = {
optional => 1,
type => 'string', format => 'pve-qm-net',
- typetext => "MODEL=XX:XX:XX:XX:XX:XX
[,bridge=<dev>][,rate=<mbps>][,tag=<vlanid>]",
+ typetext => "MODEL=XX:XX:XX:XX:XX:XX
[,bridge=<dev>][,rate=<mbps>][,tag=<vlanid>][,firewall=1|0]",
description => <<EODESCR,
Specify network devices.
@@ -1249,6 +1249,7 @@ sub parse_net {
my ($data) = @_;
my $res = {};
+ $res->{firewall} = 1;
foreach my $kvp (split(/,/, $data)) {
@@ -1263,6 +1264,8 @@ sub parse_net {
$res->{rate} = $1;
} elsif ($kvp =~ m/^tag=(\d+)$/) {
$res->{tag} = $1;
+ } elsif ($kvp =~ m/^firewall=(\d+)$/) {
+ $res->{firewall} = undef if $1 == 0;
} else {
return undef;
}
diff --git a/pve-bridge b/pve-bridge
index 81ad5f4..d6c5eb8 100755
--- a/pve-bridge
+++ b/pve-bridge
@@ -30,6 +30,6 @@ PVE::Network::tap_create($iface, $net->{bridge});
PVE::Network::tap_rate_limit($iface, $net->{rate}) if $net->{rate};
-PVE::Network::tap_plug($iface, $net->{bridge}, $net->{tag});
+PVE::Network::tap_plug($iface, $net->{bridge}, $net->{tag}, $net->{firewall});
exit 0;
--
1.7.10.4
_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
