[pve-devel] [PATCH 1/3] add firewall option to qemu network interface
Alexandre Derumier
aderumier at odiso.com
Tue May 6 12:46:34 CEST 2014
this allow to disable firewall for a specific interface
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
PVE/API2/Qemu.pm | 6 +++---
PVE/QemuServer.pm | 5 ++++-
pve-bridge | 2 +-
3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index e01b2e9..e7d49d9 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -838,9 +838,9 @@ my $vmconfig_update_net = sub {
PVE::Network::tap_rate_limit($iface, $newnet->{rate});
}
- if(($newnet->{bridge} ne $oldnet->{bridge}) || ($newnet->{tag} ne $oldnet->{tag})){
- eval{PVE::Network::tap_unplug($iface, $oldnet->{bridge}, $oldnet->{tag});};
- PVE::Network::tap_plug($iface, $newnet->{bridge}, $newnet->{tag});
+ if(($newnet->{bridge} ne $oldnet->{bridge}) || ($newnet->{tag} ne $oldnet->{tag}) || ($newnet->{firewall} ne $oldnet->{firewall})){
+ eval{PVE::Network::tap_unplug($iface, $oldnet->{bridge}, $oldnet->{tag}, $oldnet->{firewall});};
+ PVE::Network::tap_plug($iface, $newnet->{bridge}, $newnet->{tag}, $newnet->{firewall});
}
}else{
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 43b02ee..5489751 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -478,7 +478,7 @@ my $nic_model_list_txt = join(' ', sort @$nic_model_list);
my $netdesc = {
optional => 1,
type => 'string', format => 'pve-qm-net',
- typetext => "MODEL=XX:XX:XX:XX:XX:XX [,bridge=<dev>][,rate=<mbps>][,tag=<vlanid>]",
+ typetext => "MODEL=XX:XX:XX:XX:XX:XX [,bridge=<dev>][,rate=<mbps>][,tag=<vlanid>][,firewall=1|0]",
description => <<EODESCR,
Specify network devices.
@@ -1249,6 +1249,7 @@ sub parse_net {
my ($data) = @_;
my $res = {};
+ $res->{firewall} = 1;
foreach my $kvp (split(/,/, $data)) {
@@ -1263,6 +1264,8 @@ sub parse_net {
$res->{rate} = $1;
} elsif ($kvp =~ m/^tag=(\d+)$/) {
$res->{tag} = $1;
+ } elsif ($kvp =~ m/^firewall=(\d+)$/) {
+ $res->{firewall} = undef if $1 == 0;
} else {
return undef;
}
diff --git a/pve-bridge b/pve-bridge
index 81ad5f4..d6c5eb8 100755
--- a/pve-bridge
+++ b/pve-bridge
@@ -30,6 +30,6 @@ PVE::Network::tap_create($iface, $net->{bridge});
PVE::Network::tap_rate_limit($iface, $net->{rate}) if $net->{rate};
-PVE::Network::tap_plug($iface, $net->{bridge}, $net->{tag});
+PVE::Network::tap_plug($iface, $net->{bridge}, $net->{tag}, $net->{firewall});
exit 0;
--
1.7.10.4
More information about the pve-devel
mailing list