[pve-manager.git] / www / manager6 / grid / FirewallOptions.js

Ext.define('PVE.FirewallOptions', {
    extend: 'Proxmox.grid.ObjectGrid',
    alias: ['widget.pveFirewallOptions'],

    fwtype: undefined, // 'dc', 'node' or 'vm'

    base_url: undefined,

    initComponent: function() {
	var me = this;

	if (!me.base_url) {
	    throw "missing base_url configuration";
	}

	if (me.fwtype === 'dc' || me.fwtype === 'node' || me.fwtype === 'vm') {
	    if (me.fwtype === 'node') {
		me.cwidth1 = 250;
	    }
	} else {
	    throw "unknown firewall option type";
	}

	let caps = Ext.state.Manager.get('GuiCap');
	let canEdit = caps.vms['VM.Config.Network'] || caps.dc['Sys.Modify'] || caps.nodes['Sys.Modify'];

	me.rows = {};

	var add_boolean_row = function(name, text, defaultValue) {
	    me.add_boolean_row(name, text, { defaultValue: defaultValue });
	};
	var add_integer_row = function(name, text, minValue, labelWidth) {
	    me.add_integer_row(name, text, {
		minValue: minValue,
		deleteEmpty: true,
		labelWidth: labelWidth,
		renderer: function(value) {
		    if (value === undefined) {
			return Proxmox.Utils.defaultText;
		    }

		    return value;
		},
	    });
	};

	var add_log_row = function(name, labelWidth) {
	    me.rows[name] = {
		header: name,
		required: true,
		defaultValue: 'nolog',
		editor: {
		    xtype: 'proxmoxWindowEdit',
		    subject: name,
		    fieldDefaults: { labelWidth: labelWidth || 100 },
		    items: {
			xtype: 'pveFirewallLogLevels',
			name: name,
			fieldLabel: name,
		    },
		},
	    };
	};

	if (me.fwtype === 'node') {
	    me.rows.enable = {
		required: true,
		defaultValue: 1,
		header: gettext('Firewall'),
		renderer: Proxmox.Utils.format_boolean,
		editor: {
		    xtype: 'pveFirewallEnableEdit',
		    defaultValue: 1,
		},
	    };
	    add_boolean_row('nosmurfs', gettext('SMURFS filter'), 1);
	    add_boolean_row('tcpflags', gettext('TCP flags filter'), 0);
	    add_boolean_row('ndp', 'NDP', 1);
	    add_integer_row('nf_conntrack_max', 'nf_conntrack_max', 32768, 120);
	    add_integer_row('nf_conntrack_tcp_timeout_established',
			    'nf_conntrack_tcp_timeout_established', 7875, 250);
	    add_log_row('log_level_in');
	    add_log_row('log_level_out');
	    add_log_row('tcp_flags_log_level', 120);
	    add_log_row('smurf_log_level');
	    add_boolean_row('nftables', gettext('nftables (tech preview)'), 0);
	} else if (me.fwtype === 'vm') {
	    me.rows.enable = {
		required: true,
		defaultValue: 0,
		header: gettext('Firewall'),
		renderer: Proxmox.Utils.format_boolean,
		editor: {
		    xtype: 'pveFirewallEnableEdit',
		    defaultValue: 0,
		},
	    };
	    add_boolean_row('dhcp', 'DHCP', 1);
	    add_boolean_row('ndp', 'NDP', 1);
	    add_boolean_row('radv', gettext('Router Advertisement'), 0);
	    add_boolean_row('macfilter', gettext('MAC filter'), 1);
	    add_boolean_row('ipfilter', gettext('IP filter'), 0);
	    add_log_row('log_level_in');
	    add_log_row('log_level_out');
	} else if (me.fwtype === 'dc') {
	    add_boolean_row('enable', gettext('Firewall'), 0);
	    add_boolean_row('ebtables', 'ebtables', 1);
	    me.rows.log_ratelimit = {
		header: gettext('Log rate limit'),
		required: true,
		defaultValue: gettext('Default') + ' (enable=1,rate1/second,burst=5)',
		editor: {
		    xtype: 'pveFirewallLograteEdit',
		    defaultValue: 'enable=1',
		},
	    };
	}

	if (me.fwtype === 'dc' || me.fwtype === 'vm') {
	    me.rows.policy_in = {
		header: gettext('Input Policy'),
		required: true,
		defaultValue: 'DROP',
		editor: {
		    xtype: 'proxmoxWindowEdit',
		    subject: gettext('Input Policy'),
		    items: {
			xtype: 'pveFirewallPolicySelector',
			name: 'policy_in',
			value: 'DROP',
			fieldLabel: gettext('Input Policy'),
		    },
		},
	    };

	    me.rows.policy_out = {
		header: gettext('Output Policy'),
		required: true,
		defaultValue: 'ACCEPT',
		editor: {
		    xtype: 'proxmoxWindowEdit',
		    subject: gettext('Output Policy'),
		    items: {
			xtype: 'pveFirewallPolicySelector',
			name: 'policy_out',
			value: 'ACCEPT',
			fieldLabel: gettext('Output Policy'),
		    },
		},
	    };
	}

	var edit_btn = new Ext.Button({
	    text: gettext('Edit'),
	    disabled: true,
	    handler: function() { me.run_editor(); },
	});

	var set_button_status = function() {
	    var sm = me.getSelectionModel();
	    var rec = sm.getSelection()[0];

	    if (!rec) {
		edit_btn.disable();
		return;
	    }
	    var rowdef = me.rows[rec.data.key];
	    if (canEdit) {
		edit_btn.setDisabled(!rowdef.editor);
	    }
	};

	Ext.apply(me, {
	    url: "/api2/json" + me.base_url,
	    tbar: [edit_btn],
	    editorConfig: {
		url: '/api2/extjs/' + me.base_url,
	    },
	    listeners: {
		itemdblclick: () => { if (canEdit) { me.run_editor(); } },
		selectionchange: set_button_status,
	    },
	});

	me.callParent();

	me.on('activate', me.rstore.startUpdate);
	me.on('destroy', me.rstore.stopUpdate);
	me.on('deactivate', me.rstore.stopUpdate);
    },
});


Ext.define('PVE.FirewallLogLevels', {
    extend: 'Proxmox.form.KVComboBox',
    alias: ['widget.pveFirewallLogLevels'],

    name: 'log',
    fieldLabel: gettext('Log level'),
    value: 'nolog',
    comboItems: [['nolog', 'nolog'], ['emerg', 'emerg'], ['alert', 'alert'],
	['crit', 'crit'], ['err', 'err'], ['warning', 'warning'],
	['notice', 'notice'], ['info', 'info'], ['debug', 'debug']],
});
Commit	Line	Data
307a2fb8	1	Ext.define('PVE.FirewallOptions', {
8ea2c870	2	extend: 'Proxmox.grid.ObjectGrid',
307a2fb8 DM	3	alias: ['widget.pveFirewallOptions'],
	4
	5	fwtype: undefined, // 'dc', 'node' or 'vm'
	6
	7	base_url: undefined,
	8
8058410f	9	initComponent: function() {
307a2fb8 DM	10	var me = this;
	11
	12	if (!me.base_url) {
	13	throw "missing base_url configuration";
	14	}
	15
	16	if (me.fwtype === 'dc' \|\| me.fwtype === 'node' \|\| me.fwtype === 'vm') {
	17	if (me.fwtype === 'node') {
	18	me.cwidth1 = 250;
	19	}
	20	} else {
	21	throw "unknown firewall option type";
	22	}
	23
2e37e779	24	let caps = Ext.state.Manager.get('GuiCap');
1056e10c	25	let canEdit = caps.vms['VM.Config.Network'] \|\| caps.dc['Sys.Modify'] \|\| caps.nodes['Sys.Modify'];
2e37e779	26
746ebf2a	27	me.rows = {};
307a2fb8	28
746ebf2a TL	29	var add_boolean_row = function(name, text, defaultValue) {
746ebf2a TL	30	me.add_boolean_row(name, text, { defaultValue: defaultValue });
307a2fb8	31	};
aab2a64d DC	32	var add_integer_row = function(name, text, minValue, labelWidth) {
	33	me.add_integer_row(name, text, {
	34	minValue: minValue,
	35	deleteEmpty: true,
	36	labelWidth: labelWidth,
	37	renderer: function(value) {
	38	if (value === undefined) {
	39	return Proxmox.Utils.defaultText;
	40	}
	41
	42	return value;
f6710aac	43	},
aab2a64d	44	});
307a2fb8 DM	45	};
	46
	47	var add_log_row = function(name, labelWidth) {
746ebf2a	48	me.rows[name] = {
307a2fb8 DM	49	header: name,
	50	required: true,
	51	defaultValue: 'nolog',
	52	editor: {
9fccc702	53	xtype: 'proxmoxWindowEdit',
307a2fb8 DM	54	subject: name,
	55	fieldDefaults: { labelWidth: labelWidth \|\| 100 },
	56	items: {
3c37fe48	57	xtype: 'pveFirewallLogLevels',
307a2fb8	58	name: name,
f6710aac TL	59	fieldLabel: name,
	60	},
	61	},
307a2fb8 DM	62	};
	63	};
	64
307a2fb8	65	if (me.fwtype === 'node') {
75122e54 CE	66	me.rows.enable = {
	67	required: true,
	68	defaultValue: 1,
	69	header: gettext('Firewall'),
	70	renderer: Proxmox.Utils.format_boolean,
	71	editor: {
	72	xtype: 'pveFirewallEnableEdit',
f6710aac TL	73	defaultValue: 1,
f6710aac TL	74	},
75122e54	75	};
307a2fb8 DM	76	add_boolean_row('nosmurfs', gettext('SMURFS filter'), 1);
307a2fb8 DM	77	add_boolean_row('tcpflags', gettext('TCP flags filter'), 0);
c4941d5b	78	add_boolean_row('ndp', 'NDP', 1);
aab2a64d	79	add_integer_row('nf_conntrack_max', 'nf_conntrack_max', 32768, 120);
746ebf2a	80	add_integer_row('nf_conntrack_tcp_timeout_established',
aab2a64d	81	'nf_conntrack_tcp_timeout_established', 7875, 250);
307a2fb8 DM	82	add_log_row('log_level_in');
	83	add_log_row('log_level_out');
	84	add_log_row('tcp_flags_log_level', 120);
	85	add_log_row('smurf_log_level');
a18e436b	86	add_boolean_row('nftables', gettext('nftables (tech preview)'), 0);
307a2fb8	87	} else if (me.fwtype === 'vm') {
75122e54 CE	88	me.rows.enable = {
	89	required: true,
	90	defaultValue: 0,
	91	header: gettext('Firewall'),
	92	renderer: Proxmox.Utils.format_boolean,
	93	editor: {
	94	xtype: 'pveFirewallEnableEdit',
f6710aac TL	95	defaultValue: 0,
f6710aac TL	96	},
75122e54	97	};
6a5be79f	98	add_boolean_row('dhcp', 'DHCP', 1);
b9628aa5	99	add_boolean_row('ndp', 'NDP', 1);
0a3cf3d4	100	add_boolean_row('radv', gettext('Router Advertisement'), 0);
307a2fb8	101	add_boolean_row('macfilter', gettext('MAC filter'), 1);
9eef71f3	102	add_boolean_row('ipfilter', gettext('IP filter'), 0);
307a2fb8 DM	103	add_log_row('log_level_in');
	104	add_log_row('log_level_out');
	105	} else if (me.fwtype === 'dc') {
0a3cf3d4	106	add_boolean_row('enable', gettext('Firewall'), 0);
20f8d602	107	add_boolean_row('ebtables', 'ebtables', 1);
40120a31 CE	108	me.rows.log_ratelimit = {
	109	header: gettext('Log rate limit'),
	110	required: true,
671f470e	111	defaultValue: gettext('Default') + ' (enable=1,rate1/second,burst=5)',
40120a31	112	editor: {
671f470e	113	xtype: 'pveFirewallLograteEdit',
f6710aac TL	114	defaultValue: 'enable=1',
f6710aac TL	115	},
40120a31	116	};
746ebf2a TL	117	}
746ebf2a TL	118
307a2fb8	119	if (me.fwtype === 'dc' \|\| me.fwtype === 'vm') {
746ebf2a	120	me.rows.policy_in = {
307a2fb8 DM	121	header: gettext('Input Policy'),
	122	required: true,
	123	defaultValue: 'DROP',
	124	editor: {
9fccc702	125	xtype: 'proxmoxWindowEdit',
307a2fb8 DM	126	subject: gettext('Input Policy'),
	127	items: {
	128	xtype: 'pveFirewallPolicySelector',
	129	name: 'policy_in',
	130	value: 'DROP',
f6710aac TL	131	fieldLabel: gettext('Input Policy'),
	132	},
	133	},
307a2fb8 DM	134	};
307a2fb8 DM	135
746ebf2a	136	me.rows.policy_out = {
307a2fb8 DM	137	header: gettext('Output Policy'),
	138	required: true,
	139	defaultValue: 'ACCEPT',
	140	editor: {
9fccc702	141	xtype: 'proxmoxWindowEdit',
307a2fb8 DM	142	subject: gettext('Output Policy'),
	143	items: {
	144	xtype: 'pveFirewallPolicySelector',
	145	name: 'policy_out',
	146	value: 'ACCEPT',
f6710aac TL	147	fieldLabel: gettext('Output Policy'),
	148	},
	149	},
307a2fb8 DM	150	};
	151	}
	152
307a2fb8 DM	153	var edit_btn = new Ext.Button({
	154	text: gettext('Edit'),
	155	disabled: true,
f6710aac	156	handler: function() { me.run_editor(); },
307a2fb8 DM	157	});
	158
	159	var set_button_status = function() {
	160	var sm = me.getSelectionModel();
	161	var rec = sm.getSelection()[0];
	162
	163	if (!rec) {
	164	edit_btn.disable();
	165	return;
	166	}
746ebf2a	167	var rowdef = me.rows[rec.data.key];
1056e10c	168	if (canEdit) {
2e37e779 AD	169	edit_btn.setDisabled(!rowdef.editor);
2e37e779 AD	170	}
307a2fb8 DM	171	};
307a2fb8 DM	172
bc5d0cf8	173	Ext.apply(me, {
307a2fb8	174	url: "/api2/json" + me.base_url,
8058410f	175	tbar: [edit_btn],
746ebf2a	176	editorConfig: {
f6710aac	177	url: '/api2/extjs/' + me.base_url,
746ebf2a	178	},
307a2fb8	179	listeners: {
1056e10c	180	itemdblclick: () => { if (canEdit) { me.run_editor(); } },
f6710aac TL	181	selectionchange: set_button_status,
f6710aac TL	182	},
307a2fb8 DM	183	});
	184
	185	me.callParent();
	186
746ebf2a TL	187	me.on('activate', me.rstore.startUpdate);
	188	me.on('destroy', me.rstore.stopUpdate);
	189	me.on('deactivate', me.rstore.stopUpdate);
f6710aac	190	},
307a2fb8	191	});
3c37fe48 CE	192
	193
	194	Ext.define('PVE.FirewallLogLevels', {
	195	extend: 'Proxmox.form.KVComboBox',
	196	alias: ['widget.pveFirewallLogLevels'],
	197
	198	name: 'log',
	199	fieldLabel: gettext('Log level'),
	200	value: 'nolog',
	201	comboItems: [['nolog', 'nolog'], ['emerg', 'emerg'], ['alert', 'alert'],
	202	['crit', 'crit'], ['err', 'err'], ['warning', 'warning'],
f6710aac	203	['notice', 'notice'], ['info', 'info'], ['debug', 'debug']],
3c37fe48	204	});