]>
Commit | Line | Data |
---|---|---|
307a2fb8 | 1 | Ext.define('PVE.FirewallOptions', { |
8ea2c870 | 2 | extend: 'Proxmox.grid.ObjectGrid', |
307a2fb8 DM |
3 | alias: ['widget.pveFirewallOptions'], |
4 | ||
5 | fwtype: undefined, // 'dc', 'node' or 'vm' | |
6 | ||
7 | base_url: undefined, | |
8 | ||
8058410f | 9 | initComponent: function() { |
307a2fb8 DM |
10 | var me = this; |
11 | ||
12 | if (!me.base_url) { | |
13 | throw "missing base_url configuration"; | |
14 | } | |
15 | ||
16 | if (me.fwtype === 'dc' || me.fwtype === 'node' || me.fwtype === 'vm') { | |
17 | if (me.fwtype === 'node') { | |
18 | me.cwidth1 = 250; | |
19 | } | |
20 | } else { | |
21 | throw "unknown firewall option type"; | |
22 | } | |
23 | ||
2e37e779 | 24 | let caps = Ext.state.Manager.get('GuiCap'); |
1056e10c | 25 | let canEdit = caps.vms['VM.Config.Network'] || caps.dc['Sys.Modify'] || caps.nodes['Sys.Modify']; |
2e37e779 | 26 | |
746ebf2a | 27 | me.rows = {}; |
307a2fb8 | 28 | |
746ebf2a TL |
29 | var add_boolean_row = function(name, text, defaultValue) { |
30 | me.add_boolean_row(name, text, { defaultValue: defaultValue }); | |
307a2fb8 | 31 | }; |
aab2a64d DC |
32 | var add_integer_row = function(name, text, minValue, labelWidth) { |
33 | me.add_integer_row(name, text, { | |
34 | minValue: minValue, | |
35 | deleteEmpty: true, | |
36 | labelWidth: labelWidth, | |
37 | renderer: function(value) { | |
38 | if (value === undefined) { | |
39 | return Proxmox.Utils.defaultText; | |
40 | } | |
41 | ||
42 | return value; | |
f6710aac | 43 | }, |
aab2a64d | 44 | }); |
307a2fb8 DM |
45 | }; |
46 | ||
47 | var add_log_row = function(name, labelWidth) { | |
746ebf2a | 48 | me.rows[name] = { |
307a2fb8 DM |
49 | header: name, |
50 | required: true, | |
51 | defaultValue: 'nolog', | |
52 | editor: { | |
9fccc702 | 53 | xtype: 'proxmoxWindowEdit', |
307a2fb8 DM |
54 | subject: name, |
55 | fieldDefaults: { labelWidth: labelWidth || 100 }, | |
56 | items: { | |
3c37fe48 | 57 | xtype: 'pveFirewallLogLevels', |
307a2fb8 | 58 | name: name, |
f6710aac TL |
59 | fieldLabel: name, |
60 | }, | |
61 | }, | |
307a2fb8 DM |
62 | }; |
63 | }; | |
64 | ||
307a2fb8 | 65 | if (me.fwtype === 'node') { |
75122e54 CE |
66 | me.rows.enable = { |
67 | required: true, | |
68 | defaultValue: 1, | |
69 | header: gettext('Firewall'), | |
70 | renderer: Proxmox.Utils.format_boolean, | |
71 | editor: { | |
72 | xtype: 'pveFirewallEnableEdit', | |
f6710aac TL |
73 | defaultValue: 1, |
74 | }, | |
75122e54 | 75 | }; |
307a2fb8 DM |
76 | add_boolean_row('nosmurfs', gettext('SMURFS filter'), 1); |
77 | add_boolean_row('tcpflags', gettext('TCP flags filter'), 0); | |
c4941d5b | 78 | add_boolean_row('ndp', 'NDP', 1); |
aab2a64d | 79 | add_integer_row('nf_conntrack_max', 'nf_conntrack_max', 32768, 120); |
746ebf2a | 80 | add_integer_row('nf_conntrack_tcp_timeout_established', |
aab2a64d | 81 | 'nf_conntrack_tcp_timeout_established', 7875, 250); |
307a2fb8 DM |
82 | add_log_row('log_level_in'); |
83 | add_log_row('log_level_out'); | |
84 | add_log_row('tcp_flags_log_level', 120); | |
85 | add_log_row('smurf_log_level'); | |
86 | } else if (me.fwtype === 'vm') { | |
75122e54 CE |
87 | me.rows.enable = { |
88 | required: true, | |
89 | defaultValue: 0, | |
90 | header: gettext('Firewall'), | |
91 | renderer: Proxmox.Utils.format_boolean, | |
92 | editor: { | |
93 | xtype: 'pveFirewallEnableEdit', | |
f6710aac TL |
94 | defaultValue: 0, |
95 | }, | |
75122e54 | 96 | }; |
6a5be79f | 97 | add_boolean_row('dhcp', 'DHCP', 1); |
b9628aa5 | 98 | add_boolean_row('ndp', 'NDP', 1); |
0a3cf3d4 | 99 | add_boolean_row('radv', gettext('Router Advertisement'), 0); |
307a2fb8 | 100 | add_boolean_row('macfilter', gettext('MAC filter'), 1); |
9eef71f3 | 101 | add_boolean_row('ipfilter', gettext('IP filter'), 0); |
307a2fb8 DM |
102 | add_log_row('log_level_in'); |
103 | add_log_row('log_level_out'); | |
104 | } else if (me.fwtype === 'dc') { | |
0a3cf3d4 | 105 | add_boolean_row('enable', gettext('Firewall'), 0); |
20f8d602 | 106 | add_boolean_row('ebtables', 'ebtables', 1); |
40120a31 CE |
107 | me.rows.log_ratelimit = { |
108 | header: gettext('Log rate limit'), | |
109 | required: true, | |
671f470e | 110 | defaultValue: gettext('Default') + ' (enable=1,rate1/second,burst=5)', |
40120a31 | 111 | editor: { |
671f470e | 112 | xtype: 'pveFirewallLograteEdit', |
f6710aac TL |
113 | defaultValue: 'enable=1', |
114 | }, | |
40120a31 | 115 | }; |
746ebf2a TL |
116 | } |
117 | ||
307a2fb8 | 118 | if (me.fwtype === 'dc' || me.fwtype === 'vm') { |
746ebf2a | 119 | me.rows.policy_in = { |
307a2fb8 DM |
120 | header: gettext('Input Policy'), |
121 | required: true, | |
122 | defaultValue: 'DROP', | |
123 | editor: { | |
9fccc702 | 124 | xtype: 'proxmoxWindowEdit', |
307a2fb8 DM |
125 | subject: gettext('Input Policy'), |
126 | items: { | |
127 | xtype: 'pveFirewallPolicySelector', | |
128 | name: 'policy_in', | |
129 | value: 'DROP', | |
f6710aac TL |
130 | fieldLabel: gettext('Input Policy'), |
131 | }, | |
132 | }, | |
307a2fb8 DM |
133 | }; |
134 | ||
746ebf2a | 135 | me.rows.policy_out = { |
307a2fb8 DM |
136 | header: gettext('Output Policy'), |
137 | required: true, | |
138 | defaultValue: 'ACCEPT', | |
139 | editor: { | |
9fccc702 | 140 | xtype: 'proxmoxWindowEdit', |
307a2fb8 DM |
141 | subject: gettext('Output Policy'), |
142 | items: { | |
143 | xtype: 'pveFirewallPolicySelector', | |
144 | name: 'policy_out', | |
145 | value: 'ACCEPT', | |
f6710aac TL |
146 | fieldLabel: gettext('Output Policy'), |
147 | }, | |
148 | }, | |
307a2fb8 DM |
149 | }; |
150 | } | |
151 | ||
307a2fb8 DM |
152 | var edit_btn = new Ext.Button({ |
153 | text: gettext('Edit'), | |
154 | disabled: true, | |
f6710aac | 155 | handler: function() { me.run_editor(); }, |
307a2fb8 DM |
156 | }); |
157 | ||
158 | var set_button_status = function() { | |
159 | var sm = me.getSelectionModel(); | |
160 | var rec = sm.getSelection()[0]; | |
161 | ||
162 | if (!rec) { | |
163 | edit_btn.disable(); | |
164 | return; | |
165 | } | |
746ebf2a | 166 | var rowdef = me.rows[rec.data.key]; |
1056e10c | 167 | if (canEdit) { |
2e37e779 AD |
168 | edit_btn.setDisabled(!rowdef.editor); |
169 | } | |
307a2fb8 DM |
170 | }; |
171 | ||
bc5d0cf8 | 172 | Ext.apply(me, { |
307a2fb8 | 173 | url: "/api2/json" + me.base_url, |
8058410f | 174 | tbar: [edit_btn], |
746ebf2a | 175 | editorConfig: { |
f6710aac | 176 | url: '/api2/extjs/' + me.base_url, |
746ebf2a | 177 | }, |
307a2fb8 | 178 | listeners: { |
1056e10c | 179 | itemdblclick: () => { if (canEdit) { me.run_editor(); } }, |
f6710aac TL |
180 | selectionchange: set_button_status, |
181 | }, | |
307a2fb8 DM |
182 | }); |
183 | ||
184 | me.callParent(); | |
185 | ||
746ebf2a TL |
186 | me.on('activate', me.rstore.startUpdate); |
187 | me.on('destroy', me.rstore.stopUpdate); | |
188 | me.on('deactivate', me.rstore.stopUpdate); | |
f6710aac | 189 | }, |
307a2fb8 | 190 | }); |
3c37fe48 CE |
191 | |
192 | ||
193 | Ext.define('PVE.FirewallLogLevels', { | |
194 | extend: 'Proxmox.form.KVComboBox', | |
195 | alias: ['widget.pveFirewallLogLevels'], | |
196 | ||
197 | name: 'log', | |
198 | fieldLabel: gettext('Log level'), | |
199 | value: 'nolog', | |
200 | comboItems: [['nolog', 'nolog'], ['emerg', 'emerg'], ['alert', 'alert'], | |
201 | ['crit', 'crit'], ['err', 'err'], ['warning', 'warning'], | |
f6710aac | 202 | ['notice', 'notice'], ['info', 'info'], ['debug', 'debug']], |
3c37fe48 | 203 | }); |