[pve-manager.git] / www / manager6 / grid / FirewallOptions.js

Ext.define('PVE.FirewallOptions', {
    extend: 'Proxmox.grid.ObjectGrid',
    alias: ['widget.pveFirewallOptions'],

    fwtype: undefined, // 'dc', 'node' or 'vm'

    base_url: undefined,

    initComponent: function() {
	var me = this;

	if (!me.base_url) {
	    throw "missing base_url configuration";
	}

	if (me.fwtype === 'dc' || me.fwtype === 'node' || me.fwtype === 'vm') {
	    if (me.fwtype === 'node') {
		me.cwidth1 = 250;
	    }
	} else {
	    throw "unknown firewall option type";
	}

	let caps = Ext.state.Manager.get('GuiCap');
	let canEdit = caps.vms['VM.Config.Network'] || caps.dc['Sys.Modify'] || caps.nodes['Sys.Modify'];

	me.rows = {};

	var add_boolean_row = function(name, text, defaultValue) {
	    me.add_boolean_row(name, text, { defaultValue: defaultValue });
	};
	var add_integer_row = function(name, text, minValue, labelWidth) {
	    me.add_integer_row(name, text, {
		minValue: minValue,
		deleteEmpty: true,
		labelWidth: labelWidth,
		renderer: function(value) {
		    if (value === undefined) {
			return Proxmox.Utils.defaultText;
		    }

		    return value;
		},
	    });
	};

	var add_log_row = function(name, labelWidth) {
	    me.rows[name] = {
		header: name,
		required: true,
		defaultValue: 'nolog',
		editor: {
		    xtype: 'proxmoxWindowEdit',
		    subject: name,
		    fieldDefaults: { labelWidth: labelWidth || 100 },
		    items: {
			xtype: 'pveFirewallLogLevels',
			name: name,
			fieldLabel: name,
		    },
		},
	    };
	};

	if (me.fwtype === 'node') {
	    me.rows.enable = {
		required: true,
		defaultValue: 1,
		header: gettext('Firewall'),
		renderer: Proxmox.Utils.format_boolean,
		editor: {
		    xtype: 'pveFirewallEnableEdit',
		    defaultValue: 1,
		},
	    };
	    add_boolean_row('nosmurfs', gettext('SMURFS filter'), 1);
	    add_boolean_row('tcpflags', gettext('TCP flags filter'), 0);
	    add_boolean_row('ndp', 'NDP', 1);
	    add_integer_row('nf_conntrack_max', 'nf_conntrack_max', 32768, 120);
	    add_integer_row('nf_conntrack_tcp_timeout_established',
			    'nf_conntrack_tcp_timeout_established', 7875, 250);
	    add_log_row('log_level_in');
	    add_log_row('log_level_out');
	    add_log_row('tcp_flags_log_level', 120);
	    add_log_row('smurf_log_level');
	} else if (me.fwtype === 'vm') {
	    me.rows.enable = {
		required: true,
		defaultValue: 0,
		header: gettext('Firewall'),
		renderer: Proxmox.Utils.format_boolean,
		editor: {
		    xtype: 'pveFirewallEnableEdit',
		    defaultValue: 0,
		},
	    };
	    add_boolean_row('dhcp', 'DHCP', 1);
	    add_boolean_row('ndp', 'NDP', 1);
	    add_boolean_row('radv', gettext('Router Advertisement'), 0);
	    add_boolean_row('macfilter', gettext('MAC filter'), 1);
	    add_boolean_row('ipfilter', gettext('IP filter'), 0);
	    add_log_row('log_level_in');
	    add_log_row('log_level_out');
	} else if (me.fwtype === 'dc') {
	    add_boolean_row('enable', gettext('Firewall'), 0);
	    add_boolean_row('ebtables', 'ebtables', 1);
	    me.rows.log_ratelimit = {
		header: gettext('Log rate limit'),
		required: true,
		defaultValue: gettext('Default') + ' (enable=1,rate1/second,burst=5)',
		editor: {
		    xtype: 'pveFirewallLograteEdit',
		    defaultValue: 'enable=1',
		},
	    };
	}

	if (me.fwtype === 'dc' || me.fwtype === 'vm') {
	    me.rows.policy_in = {
		header: gettext('Input Policy'),
		required: true,
		defaultValue: 'DROP',
		editor: {
		    xtype: 'proxmoxWindowEdit',
		    subject: gettext('Input Policy'),
		    items: {
			xtype: 'pveFirewallPolicySelector',
			name: 'policy_in',
			value: 'DROP',
			fieldLabel: gettext('Input Policy'),
		    },
		},
	    };

	    me.rows.policy_out = {
		header: gettext('Output Policy'),
		required: true,
		defaultValue: 'ACCEPT',
		editor: {
		    xtype: 'proxmoxWindowEdit',
		    subject: gettext('Output Policy'),
		    items: {
			xtype: 'pveFirewallPolicySelector',
			name: 'policy_out',
			value: 'ACCEPT',
			fieldLabel: gettext('Output Policy'),
		    },
		},
	    };
	}

	var edit_btn = new Ext.Button({
	    text: gettext('Edit'),
	    disabled: true,
	    handler: function() { me.run_editor(); },
	});

	var set_button_status = function() {
	    var sm = me.getSelectionModel();
	    var rec = sm.getSelection()[0];

	    if (!rec) {
		edit_btn.disable();
		return;
	    }
	    var rowdef = me.rows[rec.data.key];
	    if (canEdit) {
		edit_btn.setDisabled(!rowdef.editor);
	    }
	};

	Ext.apply(me, {
	    url: "/api2/json" + me.base_url,
	    tbar: [edit_btn],
	    editorConfig: {
		url: '/api2/extjs/' + me.base_url,
	    },
	    listeners: {
		itemdblclick: () => { if (canEdit) { me.run_editor(); } },
		selectionchange: set_button_status,
	    },
	});

	me.callParent();

	me.on('activate', me.rstore.startUpdate);
	me.on('destroy', me.rstore.stopUpdate);
	me.on('deactivate', me.rstore.stopUpdate);
    },
});


Ext.define('PVE.FirewallLogLevels', {
    extend: 'Proxmox.form.KVComboBox',
    alias: ['widget.pveFirewallLogLevels'],

    name: 'log',
    fieldLabel: gettext('Log level'),
    value: 'nolog',
    comboItems: [['nolog', 'nolog'], ['emerg', 'emerg'], ['alert', 'alert'],
	['crit', 'crit'], ['err', 'err'], ['warning', 'warning'],
	['notice', 'notice'], ['info', 'info'], ['debug', 'debug']],
});
Commit	Line	Data
307a2fb8	1	Ext.define('PVE.FirewallOptions', {
8ea2c870	2	extend: 'Proxmox.grid.ObjectGrid',
307a2fb8 DM	3	alias: ['widget.pveFirewallOptions'],
	4
	5	fwtype: undefined, // 'dc', 'node' or 'vm'
	6
	7	base_url: undefined,
	8
8058410f	9	initComponent: function() {
307a2fb8 DM	10	var me = this;
	11
	12	if (!me.base_url) {
	13	throw "missing base_url configuration";
	14	}
	15
	16	if (me.fwtype === 'dc' \|\| me.fwtype === 'node' \|\| me.fwtype === 'vm') {
	17	if (me.fwtype === 'node') {
	18	me.cwidth1 = 250;
	19	}
	20	} else {
	21	throw "unknown firewall option type";
	22	}
	23
2e37e779	24	let caps = Ext.state.Manager.get('GuiCap');
1056e10c	25	let canEdit = caps.vms['VM.Config.Network'] \|\| caps.dc['Sys.Modify'] \|\| caps.nodes['Sys.Modify'];
2e37e779	26
746ebf2a	27	me.rows = {};
307a2fb8	28
746ebf2a TL	29	var add_boolean_row = function(name, text, defaultValue) {
746ebf2a TL	30	me.add_boolean_row(name, text, { defaultValue: defaultValue });
307a2fb8	31	};
aab2a64d DC	32	var add_integer_row = function(name, text, minValue, labelWidth) {
	33	me.add_integer_row(name, text, {
	34	minValue: minValue,
	35	deleteEmpty: true,
	36	labelWidth: labelWidth,
	37	renderer: function(value) {
	38	if (value === undefined) {
	39	return Proxmox.Utils.defaultText;
	40	}
	41
	42	return value;
f6710aac	43	},
aab2a64d	44	});
307a2fb8 DM	45	};
	46
	47	var add_log_row = function(name, labelWidth) {
746ebf2a	48	me.rows[name] = {
307a2fb8 DM	49	header: name,
	50	required: true,
	51	defaultValue: 'nolog',
	52	editor: {
9fccc702	53	xtype: 'proxmoxWindowEdit',
307a2fb8 DM	54	subject: name,
	55	fieldDefaults: { labelWidth: labelWidth \|\| 100 },
	56	items: {
3c37fe48	57	xtype: 'pveFirewallLogLevels',
307a2fb8	58	name: name,
f6710aac TL	59	fieldLabel: name,
	60	},
	61	},
307a2fb8 DM	62	};
	63	};
	64
307a2fb8	65	if (me.fwtype === 'node') {
75122e54 CE	66	me.rows.enable = {
	67	required: true,
	68	defaultValue: 1,
	69	header: gettext('Firewall'),
	70	renderer: Proxmox.Utils.format_boolean,
	71	editor: {
	72	xtype: 'pveFirewallEnableEdit',
f6710aac TL	73	defaultValue: 1,
f6710aac TL	74	},
75122e54	75	};
307a2fb8 DM	76	add_boolean_row('nosmurfs', gettext('SMURFS filter'), 1);
307a2fb8 DM	77	add_boolean_row('tcpflags', gettext('TCP flags filter'), 0);
c4941d5b	78	add_boolean_row('ndp', 'NDP', 1);
aab2a64d	79	add_integer_row('nf_conntrack_max', 'nf_conntrack_max', 32768, 120);
746ebf2a	80	add_integer_row('nf_conntrack_tcp_timeout_established',
aab2a64d	81	'nf_conntrack_tcp_timeout_established', 7875, 250);
307a2fb8 DM	82	add_log_row('log_level_in');
	83	add_log_row('log_level_out');
	84	add_log_row('tcp_flags_log_level', 120);
	85	add_log_row('smurf_log_level');
	86	} else if (me.fwtype === 'vm') {
75122e54 CE	87	me.rows.enable = {
	88	required: true,
	89	defaultValue: 0,
	90	header: gettext('Firewall'),
	91	renderer: Proxmox.Utils.format_boolean,
	92	editor: {
	93	xtype: 'pveFirewallEnableEdit',
f6710aac TL	94	defaultValue: 0,
f6710aac TL	95	},
75122e54	96	};
6a5be79f	97	add_boolean_row('dhcp', 'DHCP', 1);
b9628aa5	98	add_boolean_row('ndp', 'NDP', 1);
0a3cf3d4	99	add_boolean_row('radv', gettext('Router Advertisement'), 0);
307a2fb8	100	add_boolean_row('macfilter', gettext('MAC filter'), 1);
9eef71f3	101	add_boolean_row('ipfilter', gettext('IP filter'), 0);
307a2fb8 DM	102	add_log_row('log_level_in');
	103	add_log_row('log_level_out');
	104	} else if (me.fwtype === 'dc') {
0a3cf3d4	105	add_boolean_row('enable', gettext('Firewall'), 0);
20f8d602	106	add_boolean_row('ebtables', 'ebtables', 1);
40120a31 CE	107	me.rows.log_ratelimit = {
	108	header: gettext('Log rate limit'),
	109	required: true,
671f470e	110	defaultValue: gettext('Default') + ' (enable=1,rate1/second,burst=5)',
40120a31	111	editor: {
671f470e	112	xtype: 'pveFirewallLograteEdit',
f6710aac TL	113	defaultValue: 'enable=1',
f6710aac TL	114	},
40120a31	115	};
746ebf2a TL	116	}
746ebf2a TL	117
307a2fb8	118	if (me.fwtype === 'dc' \|\| me.fwtype === 'vm') {
746ebf2a	119	me.rows.policy_in = {
307a2fb8 DM	120	header: gettext('Input Policy'),
	121	required: true,
	122	defaultValue: 'DROP',
	123	editor: {
9fccc702	124	xtype: 'proxmoxWindowEdit',
307a2fb8 DM	125	subject: gettext('Input Policy'),
	126	items: {
	127	xtype: 'pveFirewallPolicySelector',
	128	name: 'policy_in',
	129	value: 'DROP',
f6710aac TL	130	fieldLabel: gettext('Input Policy'),
	131	},
	132	},
307a2fb8 DM	133	};
307a2fb8 DM	134
746ebf2a	135	me.rows.policy_out = {
307a2fb8 DM	136	header: gettext('Output Policy'),
	137	required: true,
	138	defaultValue: 'ACCEPT',
	139	editor: {
9fccc702	140	xtype: 'proxmoxWindowEdit',
307a2fb8 DM	141	subject: gettext('Output Policy'),
	142	items: {
	143	xtype: 'pveFirewallPolicySelector',
	144	name: 'policy_out',
	145	value: 'ACCEPT',
f6710aac TL	146	fieldLabel: gettext('Output Policy'),
	147	},
	148	},
307a2fb8 DM	149	};
	150	}
	151
307a2fb8 DM	152	var edit_btn = new Ext.Button({
	153	text: gettext('Edit'),
	154	disabled: true,
f6710aac	155	handler: function() { me.run_editor(); },
307a2fb8 DM	156	});
	157
	158	var set_button_status = function() {
	159	var sm = me.getSelectionModel();
	160	var rec = sm.getSelection()[0];
	161
	162	if (!rec) {
	163	edit_btn.disable();
	164	return;
	165	}
746ebf2a	166	var rowdef = me.rows[rec.data.key];
1056e10c	167	if (canEdit) {
2e37e779 AD	168	edit_btn.setDisabled(!rowdef.editor);
2e37e779 AD	169	}
307a2fb8 DM	170	};
307a2fb8 DM	171
bc5d0cf8	172	Ext.apply(me, {
307a2fb8	173	url: "/api2/json" + me.base_url,
8058410f	174	tbar: [edit_btn],
746ebf2a	175	editorConfig: {
f6710aac	176	url: '/api2/extjs/' + me.base_url,
746ebf2a	177	},
307a2fb8	178	listeners: {
1056e10c	179	itemdblclick: () => { if (canEdit) { me.run_editor(); } },
f6710aac TL	180	selectionchange: set_button_status,
f6710aac TL	181	},
307a2fb8 DM	182	});
	183
	184	me.callParent();
	185
746ebf2a TL	186	me.on('activate', me.rstore.startUpdate);
	187	me.on('destroy', me.rstore.stopUpdate);
	188	me.on('deactivate', me.rstore.stopUpdate);
f6710aac	189	},
307a2fb8	190	});
3c37fe48 CE	191
	192
	193	Ext.define('PVE.FirewallLogLevels', {
	194	extend: 'Proxmox.form.KVComboBox',
	195	alias: ['widget.pveFirewallLogLevels'],
	196
	197	name: 'log',
	198	fieldLabel: gettext('Log level'),
	199	value: 'nolog',
	200	comboItems: [['nolog', 'nolog'], ['emerg', 'emerg'], ['alert', 'alert'],
	201	['crit', 'crit'], ['err', 'err'], ['warning', 'warning'],
f6710aac	202	['notice', 'notice'], ['info', 'info'], ['debug', 'debug']],
3c37fe48	203	});