]>
Commit | Line | Data |
---|---|---|
307a2fb8 | 1 | Ext.define('PVE.FirewallOptions', { |
8ea2c870 | 2 | extend: 'Proxmox.grid.ObjectGrid', |
307a2fb8 DM |
3 | alias: ['widget.pveFirewallOptions'], |
4 | ||
5 | fwtype: undefined, // 'dc', 'node' or 'vm' | |
6 | ||
7 | base_url: undefined, | |
8 | ||
8058410f | 9 | initComponent: function() { |
307a2fb8 DM |
10 | var me = this; |
11 | ||
12 | if (!me.base_url) { | |
13 | throw "missing base_url configuration"; | |
14 | } | |
15 | ||
16 | if (me.fwtype === 'dc' || me.fwtype === 'node' || me.fwtype === 'vm') { | |
17 | if (me.fwtype === 'node') { | |
18 | me.cwidth1 = 250; | |
19 | } | |
20 | } else { | |
21 | throw "unknown firewall option type"; | |
22 | } | |
23 | ||
2e37e779 | 24 | let caps = Ext.state.Manager.get('GuiCap'); |
1056e10c | 25 | let canEdit = caps.vms['VM.Config.Network'] || caps.dc['Sys.Modify'] || caps.nodes['Sys.Modify']; |
2e37e779 | 26 | |
746ebf2a | 27 | me.rows = {}; |
307a2fb8 | 28 | |
746ebf2a TL |
29 | var add_boolean_row = function(name, text, defaultValue) { |
30 | me.add_boolean_row(name, text, { defaultValue: defaultValue }); | |
307a2fb8 | 31 | }; |
aab2a64d DC |
32 | var add_integer_row = function(name, text, minValue, labelWidth) { |
33 | me.add_integer_row(name, text, { | |
34 | minValue: minValue, | |
35 | deleteEmpty: true, | |
36 | labelWidth: labelWidth, | |
37 | renderer: function(value) { | |
38 | if (value === undefined) { | |
39 | return Proxmox.Utils.defaultText; | |
40 | } | |
41 | ||
42 | return value; | |
f6710aac | 43 | }, |
aab2a64d | 44 | }); |
307a2fb8 DM |
45 | }; |
46 | ||
47 | var add_log_row = function(name, labelWidth) { | |
746ebf2a | 48 | me.rows[name] = { |
307a2fb8 DM |
49 | header: name, |
50 | required: true, | |
51 | defaultValue: 'nolog', | |
52 | editor: { | |
9fccc702 | 53 | xtype: 'proxmoxWindowEdit', |
307a2fb8 DM |
54 | subject: name, |
55 | fieldDefaults: { labelWidth: labelWidth || 100 }, | |
56 | items: { | |
3c37fe48 | 57 | xtype: 'pveFirewallLogLevels', |
307a2fb8 | 58 | name: name, |
f6710aac TL |
59 | fieldLabel: name, |
60 | }, | |
61 | }, | |
307a2fb8 DM |
62 | }; |
63 | }; | |
64 | ||
307a2fb8 | 65 | if (me.fwtype === 'node') { |
75122e54 CE |
66 | me.rows.enable = { |
67 | required: true, | |
68 | defaultValue: 1, | |
69 | header: gettext('Firewall'), | |
70 | renderer: Proxmox.Utils.format_boolean, | |
71 | editor: { | |
72 | xtype: 'pveFirewallEnableEdit', | |
f6710aac TL |
73 | defaultValue: 1, |
74 | }, | |
75122e54 | 75 | }; |
307a2fb8 DM |
76 | add_boolean_row('nosmurfs', gettext('SMURFS filter'), 1); |
77 | add_boolean_row('tcpflags', gettext('TCP flags filter'), 0); | |
c4941d5b | 78 | add_boolean_row('ndp', 'NDP', 1); |
aab2a64d | 79 | add_integer_row('nf_conntrack_max', 'nf_conntrack_max', 32768, 120); |
746ebf2a | 80 | add_integer_row('nf_conntrack_tcp_timeout_established', |
aab2a64d | 81 | 'nf_conntrack_tcp_timeout_established', 7875, 250); |
307a2fb8 DM |
82 | add_log_row('log_level_in'); |
83 | add_log_row('log_level_out'); | |
84 | add_log_row('tcp_flags_log_level', 120); | |
85 | add_log_row('smurf_log_level'); | |
a18e436b | 86 | add_boolean_row('nftables', gettext('nftables (tech preview)'), 0); |
307a2fb8 | 87 | } else if (me.fwtype === 'vm') { |
75122e54 CE |
88 | me.rows.enable = { |
89 | required: true, | |
90 | defaultValue: 0, | |
91 | header: gettext('Firewall'), | |
92 | renderer: Proxmox.Utils.format_boolean, | |
93 | editor: { | |
94 | xtype: 'pveFirewallEnableEdit', | |
f6710aac TL |
95 | defaultValue: 0, |
96 | }, | |
75122e54 | 97 | }; |
6a5be79f | 98 | add_boolean_row('dhcp', 'DHCP', 1); |
b9628aa5 | 99 | add_boolean_row('ndp', 'NDP', 1); |
0a3cf3d4 | 100 | add_boolean_row('radv', gettext('Router Advertisement'), 0); |
307a2fb8 | 101 | add_boolean_row('macfilter', gettext('MAC filter'), 1); |
9eef71f3 | 102 | add_boolean_row('ipfilter', gettext('IP filter'), 0); |
307a2fb8 DM |
103 | add_log_row('log_level_in'); |
104 | add_log_row('log_level_out'); | |
105 | } else if (me.fwtype === 'dc') { | |
0a3cf3d4 | 106 | add_boolean_row('enable', gettext('Firewall'), 0); |
20f8d602 | 107 | add_boolean_row('ebtables', 'ebtables', 1); |
40120a31 CE |
108 | me.rows.log_ratelimit = { |
109 | header: gettext('Log rate limit'), | |
110 | required: true, | |
671f470e | 111 | defaultValue: gettext('Default') + ' (enable=1,rate1/second,burst=5)', |
40120a31 | 112 | editor: { |
671f470e | 113 | xtype: 'pveFirewallLograteEdit', |
f6710aac TL |
114 | defaultValue: 'enable=1', |
115 | }, | |
40120a31 | 116 | }; |
746ebf2a TL |
117 | } |
118 | ||
307a2fb8 | 119 | if (me.fwtype === 'dc' || me.fwtype === 'vm') { |
746ebf2a | 120 | me.rows.policy_in = { |
307a2fb8 DM |
121 | header: gettext('Input Policy'), |
122 | required: true, | |
123 | defaultValue: 'DROP', | |
124 | editor: { | |
9fccc702 | 125 | xtype: 'proxmoxWindowEdit', |
307a2fb8 DM |
126 | subject: gettext('Input Policy'), |
127 | items: { | |
128 | xtype: 'pveFirewallPolicySelector', | |
129 | name: 'policy_in', | |
130 | value: 'DROP', | |
f6710aac TL |
131 | fieldLabel: gettext('Input Policy'), |
132 | }, | |
133 | }, | |
307a2fb8 DM |
134 | }; |
135 | ||
746ebf2a | 136 | me.rows.policy_out = { |
307a2fb8 DM |
137 | header: gettext('Output Policy'), |
138 | required: true, | |
139 | defaultValue: 'ACCEPT', | |
140 | editor: { | |
9fccc702 | 141 | xtype: 'proxmoxWindowEdit', |
307a2fb8 DM |
142 | subject: gettext('Output Policy'), |
143 | items: { | |
144 | xtype: 'pveFirewallPolicySelector', | |
145 | name: 'policy_out', | |
146 | value: 'ACCEPT', | |
f6710aac TL |
147 | fieldLabel: gettext('Output Policy'), |
148 | }, | |
149 | }, | |
307a2fb8 DM |
150 | }; |
151 | } | |
152 | ||
307a2fb8 DM |
153 | var edit_btn = new Ext.Button({ |
154 | text: gettext('Edit'), | |
155 | disabled: true, | |
f6710aac | 156 | handler: function() { me.run_editor(); }, |
307a2fb8 DM |
157 | }); |
158 | ||
159 | var set_button_status = function() { | |
160 | var sm = me.getSelectionModel(); | |
161 | var rec = sm.getSelection()[0]; | |
162 | ||
163 | if (!rec) { | |
164 | edit_btn.disable(); | |
165 | return; | |
166 | } | |
746ebf2a | 167 | var rowdef = me.rows[rec.data.key]; |
1056e10c | 168 | if (canEdit) { |
2e37e779 AD |
169 | edit_btn.setDisabled(!rowdef.editor); |
170 | } | |
307a2fb8 DM |
171 | }; |
172 | ||
bc5d0cf8 | 173 | Ext.apply(me, { |
307a2fb8 | 174 | url: "/api2/json" + me.base_url, |
8058410f | 175 | tbar: [edit_btn], |
746ebf2a | 176 | editorConfig: { |
f6710aac | 177 | url: '/api2/extjs/' + me.base_url, |
746ebf2a | 178 | }, |
307a2fb8 | 179 | listeners: { |
1056e10c | 180 | itemdblclick: () => { if (canEdit) { me.run_editor(); } }, |
f6710aac TL |
181 | selectionchange: set_button_status, |
182 | }, | |
307a2fb8 DM |
183 | }); |
184 | ||
185 | me.callParent(); | |
186 | ||
746ebf2a TL |
187 | me.on('activate', me.rstore.startUpdate); |
188 | me.on('destroy', me.rstore.stopUpdate); | |
189 | me.on('deactivate', me.rstore.stopUpdate); | |
f6710aac | 190 | }, |
307a2fb8 | 191 | }); |
3c37fe48 CE |
192 | |
193 | ||
194 | Ext.define('PVE.FirewallLogLevels', { | |
195 | extend: 'Proxmox.form.KVComboBox', | |
196 | alias: ['widget.pveFirewallLogLevels'], | |
197 | ||
198 | name: 'log', | |
199 | fieldLabel: gettext('Log level'), | |
200 | value: 'nolog', | |
201 | comboItems: [['nolog', 'nolog'], ['emerg', 'emerg'], ['alert', 'alert'], | |
202 | ['crit', 'crit'], ['err', 'err'], ['warning', 'warning'], | |
f6710aac | 203 | ['notice', 'notice'], ['info', 'info'], ['debug', 'debug']], |
3c37fe48 | 204 | }); |