git.proxmox.com Git - pve-firewall.git/blob - pvefw
10 use PVE
::RPCEnvironment
;
12 use PVE
::JSONSchema
qw(get_standard_option);
16 use base
qw(PVE::CLIHandler);
# Start-up sequence (listing lines 18-30 of pvefw; lines the page does not
# show are not reproduced here).

# Pin the command search path to the system directories before anything is
# executed, so that an inherited PATH cannot decide which binaries this
# root-run tool resolves.
# NOTE(review): only PATH is reset in the lines shown. perlsec also recommends
# clearing IFS, CDPATH, ENV and BASH_ENV before running external commands;
# check whether the omitted lines or the PVE helpers take care of that.
$ENV{PATH} = '/sbin:/bin:/usr/sbin:/usr/bin';

# $> is the effective UID: refuse to continue unless it is 0.
if ($> != 0) {
    die "please run as root\n";
}

PVE::INotify::inotify_init();

# Create a CLI request context and run it as root@pam.
# $ENV{LANG} is handed to set_language() exactly as inherited from the caller.
my $rpcenv = PVE::RPCEnvironment->init('cli');
$rpcenv->init_request();
$rpcenv->set_language($ENV{LANG});
$rpcenv->set_user('root@pam');
# First registered method (listing lines 32-58 of pvefw; the page omits
# several lines, including the method name -- presumably the 'compile' entry
# of the command table further down).
# Visible behaviour: the ruleset is built with PVE::Firewall::compile() and,
# when the verbose parameter is set, passed to get_ruleset_status($ruleset, 1).
# No apply_ruleset() call is visible here, which matches the "only for
# testing" description. The work is handed to PVE::Firewall::run_locked($code);
# presumably that serialises it against other firewall updates -- confirm in
# PVE::Firewall.
# NOTE(review): "amd" in the description string is a typo for "and".
32 __PACKAGE__-
>register_method ({
36 description
=> "Compile amd print firewall rules. This is only for testing.",
38 additionalProperties
=> 0,
41 description
=> "Verbose output.",
48 returns
=> { type
=> 'null' },
54 my $ruleset = PVE
::Firewall
::compile
();
55 PVE
::Firewall
::get_ruleset_status
($ruleset, 1) if $param->{verbose
};
58 PVE
::Firewall
::run_locked
($code);
# Second registered method (listing lines 63-89 of pvefw; the method name is
# on a line the page omits -- presumably the 'start' entry of the command
# table further down).
# Visible behaviour: the ruleset is rebuilt with PVE::Firewall::compile() and
# installed with apply_ruleset($ruleset, $param->{verbose}); per the
# description this also covers a restart when the firewall is already active.
# The work is handed to PVE::Firewall::run_locked($code); presumably compile
# and apply both happen under that lock, so two invocations cannot interleave
# -- confirm, since the definition of $code is not shown.
63 __PACKAGE__-
>register_method ({
67 description
=> "Start (or restart if already active) firewall.",
69 additionalProperties
=> 0,
72 description
=> "Verbose output.",
79 returns
=> { type
=> 'null' },
85 my $ruleset = PVE
::Firewall
::compile
();
86 PVE
::Firewall
::apply_ruleset
($ruleset, $param->{verbose
});
89 PVE
::Firewall
::run_locked
($code);
# Third registered method (listing lines 94-103 of pvefw; the method name is
# on a line the page omits -- presumably the 'stop' entry of the command table
# further down).
# As the description states, this removes every rule the tool installed and
# leaves the host without this firewall's protection. No parameter
# description is visible for it, so it appears to take no options and to run
# without a confirmation step -- confirm against the full file.
94 __PACKAGE__-
>register_method ({
98 description
=> "Stop firewall. This will remove all rules installed by this script. The host is then unprotected.",
100 additionalProperties
=> 0,
103 returns
=> { type
=> 'null' },
# Teardown body of the stop action (listing lines 109-133 of pvefw). It builds
# one iptables-restore script for the filter table and submits it in a single
# call, so the removal is committed as a unit rather than rule by rule.
my $chash   = PVE::Firewall::iptables_get_chains();
my $cmdlist = "*filter\n";

# Step 1: unhook the PVEFW-* chains from the built-in chains. A jump is only
# deleted when it is currently installed.
my @jump_rules = (
    "INPUT -j PVEFW-INPUT",
    "OUTPUT -j PVEFW-OUTPUT",
    "FORWARD -j PVEFW-FORWARD",
);
for my $jump (@jump_rules) {
    next if !PVE::Firewall::iptables_rule_exist($jump);
    $cmdlist .= "-D $jump\n";
}

# Step 2: flush every chain first, then delete them. A chain cannot be deleted
# while it still holds rules or is referenced from another chain, hence two
# separate passes over the same key list.
# NOTE(review): chain names are written into the restore script exactly as
# iptables_get_chains() returned them; presumably that helper yields only
# chains owned by this tool -- confirm in PVE::Firewall.
my @chains = keys %$chash;
$cmdlist .= "-F $_\n" for @chains;
$cmdlist .= "-X $_\n" for @chains;

$cmdlist .= "COMMIT\n";

PVE::Firewall::iptables_restore_cmdlist($cmdlist);
# Hands the stop closure to run_locked(); presumably this takes the same lock
# as compile/start so a teardown cannot overlap a ruleset update -- confirm in
# PVE::Firewall.
136 PVE
::Firewall
::run_locked
($code);
# Command table and dispatch (listing lines 141-151 of pvefw; the line that
# opens the table and the one that defines $cmd are not shown on the page).
# Each sub-command maps to the method of the same name registered on this
# package, with an empty list as third element.
# $nodename is assigned here but not used in any visible line.
# handle_cmd() receives the table, the program name "pvefw", $cmd, a
# reference to the remaining @ARGV, undef and $0. The arguments come straight
# from the command line; the additionalProperties => 0 settings in the
# registered schemas presumably make unknown options an error -- confirm in
# PVE::CLIHandler / PVE::JSONSchema.
141 my $nodename = PVE
::INotify
::nodename
();
144 compile
=> [ __PACKAGE__
, 'compile', []],
145 start
=> [ __PACKAGE__
, 'start', []],
146 stop
=> [ __PACKAGE__
, 'stop', []],
151 PVE
::CLIHandler
::handle_cmd
($cmddef, "pvefw", $cmd, \
@ARGV, undef, $0);