add firewall option to qemu network interface

this allow to disable firewall for a specific interface

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>

PVE/API2/Qemu.pm

@@ -838,9 +838,9 @@ my $vmconfig_update_net = sub {
 		    PVE::Network::tap_rate_limit($iface, $newnet->{rate});
 		}
 
-		if(($newnet->{bridge} ne $oldnet->{bridge}) || ($newnet->{tag} ne $oldnet->{tag})){
-		    eval{PVE::Network::tap_unplug($iface, $oldnet->{bridge}, $oldnet->{tag});};
-		    PVE::Network::tap_plug($iface, $newnet->{bridge}, $newnet->{tag});
+		if(($newnet->{bridge} ne $oldnet->{bridge}) || ($newnet->{tag} ne $oldnet->{tag}) || ($newnet->{firewall} ne $oldnet->{firewall})){
+		    eval{PVE::Network::tap_unplug($iface, $oldnet->{bridge}, $oldnet->{tag}, $oldnet->{firewall});};
+		    PVE::Network::tap_plug($iface, $newnet->{bridge}, $newnet->{tag}, $newnet->{firewall});
 		}
 
 	    }else{

PVE/QemuServer.pm

@@ -478,7 +478,7 @@ my $nic_model_list_txt = join(' ', sort @$nic_model_list);
 my $netdesc = {
     optional => 1,
     type => 'string', format => 'pve-qm-net',
-    typetext => "MODEL=XX:XX:XX:XX:XX:XX [,bridge=<dev>][,rate=<mbps>][,tag=<vlanid>]",
+    typetext => "MODEL=XX:XX:XX:XX:XX:XX [,bridge=<dev>][,rate=<mbps>][,tag=<vlanid>][,firewall=0|1]",
     description => <<EODESCR,
 Specify network devices.
 
@@ -1263,6 +1263,8 @@ sub parse_net {
 	    $res->{rate} = $1;
         } elsif ($kvp =~ m/^tag=(\d+)$/) {
             $res->{tag} = $1;
+        } elsif ($kvp =~ m/^firewall=(\d+)$/) {
+	    $res->{firewall} = $1;
 	} else {
 	    return undef;
 	}

pve-bridge

@@ -30,6 +30,6 @@ PVE::Network::tap_create($iface, $net->{bridge});
 
 PVE::Network::tap_rate_limit($iface, $net->{rate}) if $net->{rate};
 
-PVE::Network::tap_plug($iface, $net->{bridge}, $net->{tag});
+PVE::Network::tap_plug($iface, $net->{bridge}, $net->{tag}, $net->{firewall});
 
 exit 0;