From b3b7974f9aaed5242b9526f19fef6b23f183cc24 Mon Sep 17 00:00:00 2001
From: Oguz Bektas <o.bektas@proxmox.com>
Date: Wed, 29 Jun 2022 13:07:08 +0200
Subject: [PATCH] fix #4018: add firewall macro for SPICE

uses port 3128 (same as squid)

although it's enabled by default for the "management" ipset, it doesn't
hurt to add it in there.

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
---
 src/PVE/Firewall.pm | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 56868d4..96149c5 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -494,6 +494,10 @@ my $pve_fw_macros = {
 	{ action => 'PARAM', proto => '41' },
 	{ action => 'PARAM', proto => 'udp', dport => '5072,8374' },
     ],
+    'SPICE' => [
+	"SPICE display proxy traffic",
+	{ action => 'PARAM', proto => 'tcp', dport => '3128' },
+    ],
     'Squid' => [
 	"Squid web proxy traffic",
 	{ action => 'PARAM', proto => 'tcp', dport => '3128' },