[pve-devel] [PATCH] add firewall option to qemu network interface

Alexandre Derumier aderumier at odiso.com
Tue Apr 29 13:22:56 CEST 2014


this allow to disable firewall for a specific interface

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 PVE/API2/Qemu.pm  |    6 +++---
 PVE/QemuServer.pm |    5 ++++-
 pve-bridge        |    2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index c06e5c7..829f07f 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -831,9 +831,9 @@ my $vmconfig_update_net = sub {
 		    PVE::Network::tap_rate_limit($iface, $newnet->{rate});
 		}
 
-		if(($newnet->{bridge} ne $oldnet->{bridge}) || ($newnet->{tag} ne $oldnet->{tag})){
-		    eval{PVE::Network::tap_unplug($iface, $oldnet->{bridge}, $oldnet->{tag});};
-		    PVE::Network::tap_plug($iface, $newnet->{bridge}, $newnet->{tag});
+		if(($newnet->{bridge} ne $oldnet->{bridge}) || ($newnet->{tag} ne $oldnet->{tag}) || ($newnet->{firewall} ne $oldnet->{firewall})){
+		    eval{PVE::Network::tap_unplug($iface, $oldnet->{bridge}, $oldnet->{tag}, $oldnet->{firewall});};
+		    PVE::Network::tap_plug($iface, $newnet->{bridge}, $newnet->{tag}, $newnet->{firewall});
 		}
 
 	    }else{
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 43b02ee..5489751 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -478,7 +478,7 @@ my $nic_model_list_txt = join(' ', sort @$nic_model_list);
 my $netdesc = {
     optional => 1,
     type => 'string', format => 'pve-qm-net',
-    typetext => "MODEL=XX:XX:XX:XX:XX:XX [,bridge=<dev>][,rate=<mbps>][,tag=<vlanid>]",
+    typetext => "MODEL=XX:XX:XX:XX:XX:XX [,bridge=<dev>][,rate=<mbps>][,tag=<vlanid>][,firewall=1|0]",
     description => <<EODESCR,
 Specify network devices.
 
@@ -1249,6 +1249,7 @@ sub parse_net {
     my ($data) = @_;
 
     my $res = {};
+    $res->{firewall} = 1;
 
     foreach my $kvp (split(/,/, $data)) {
 
@@ -1263,6 +1264,8 @@ sub parse_net {
 	    $res->{rate} = $1;
         } elsif ($kvp =~ m/^tag=(\d+)$/) {
             $res->{tag} = $1;
+        } elsif ($kvp =~ m/^firewall=(\d+)$/) {
+	    $res->{firewall} = undef if $1 == 0;
 	} else {
 	    return undef;
 	}
diff --git a/pve-bridge b/pve-bridge
index 81ad5f4..d6c5eb8 100755
--- a/pve-bridge
+++ b/pve-bridge
@@ -30,6 +30,6 @@ PVE::Network::tap_create($iface, $net->{bridge});
 
 PVE::Network::tap_rate_limit($iface, $net->{rate}) if $net->{rate};
 
-PVE::Network::tap_plug($iface, $net->{bridge}, $net->{tag});
+PVE::Network::tap_plug($iface, $net->{bridge}, $net->{tag}, $net->{firewall});
 
 exit 0;
-- 
1.7.10.4




More information about the pve-devel mailing list