10 use PVE
::RPCEnvironment
;
12 use PVE
::JSONSchema
qw(get_standard_option);
16 use base
qw(PVE::CLIHandler);
# Start-up sequence for the CLI tool. The gutter numbers in this listing are
# not contiguous, so some original lines are not shown here.
#
# Replace the inherited PATH with a fixed list of system directories. Any
# program later looked up by name is then resolved from these directories
# rather than from whatever PATH the caller had set.
18 $ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
# Abort unless the effective UID ($>) is 0.
22 die "please run as root\n" if $> != 0;
# Initialise PVE::INotify before the RPC environment is created.
24 PVE
::INotify
::inotify_init
();
# Create the RPC environment in 'cli' mode and open a request on it.
26 my $rpcenv = PVE
::RPCEnvironment-
>init('cli');
28 $rpcenv->init_request();
# The language is taken from the caller's environment as-is.
# NOTE(review): how set_language() treats an unset or unexpected LANG value
# is not visible here - confirm.
29 $rpcenv->set_language($ENV{LANG
});
# Every action of this tool is attributed to the fixed user 'root@pam',
# matching the root-only check above.
30 $rpcenv->set_user('root@pam');
# Register the method described as "compile and print firewall rules, for
# testing only". Several lines of this call (among them the start of the
# postfix-if statement, the definition of $code and the closing braces) are
# not present in this listing.
32 __PACKAGE__-
>register_method ({
# NOTE(review): "amd" in the description string below is a typo for "and".
36 description
=> "Compile amd print firewall rules. This is only for testing.",
# presumably makes the schema reject parameters that are not declared -
# confirm against PVE::JSONSchema
38 additionalProperties
=> 0,
41 description
=> "Verbose output.",
47 returns
=> { type
=> 'null' },
# Fetch the current RPC environment to inspect its type below.
52 my $rpcenv = PVE
::RPCEnvironment
::get
();
# Condition of a postfix 'if' whose statement is not shown: true when the
# caller did not pass 'verbose' and the RPC environment type is 'cli'.
55 if !defined($param->{verbose
}) && ($rpcenv->{type
} eq 'cli');
# Compile the ruleset; nothing in the visible lines applies it.
58 my $ruleset = PVE
::Firewall
::compile
();
# Only when 'verbose' is set: call get_ruleset_status() with the compiled
# ruleset and a second argument of 1 (presumably a verbose flag - confirm).
59 PVE
::Firewall
::get_ruleset_status
($ruleset, 1) if $param->{verbose
};
# $code is defined on a line not shown. It is handed to run_locked(),
# presumably so the work runs while holding the firewall lock - confirm.
62 PVE
::Firewall
::run_locked
($code);
# Register the method described as "start (or restart if already active)
# firewall". Parts of this call, including the definition of $code and the
# closing braces, are not present in this listing.
67 __PACKAGE__-
>register_method ({
71 description
=> "Start (or restart if already active) firewall.",
# presumably makes the schema reject parameters that are not declared -
# confirm against PVE::JSONSchema
73 additionalProperties
=> 0,
76 description
=> "Verbose output.",
83 returns
=> { type
=> 'null' },
# Compile the ruleset, then apply it; the caller's 'verbose' parameter is
# forwarded as the second argument of apply_ruleset().
89 my $ruleset = PVE
::Firewall
::compile
();
90 PVE
::Firewall
::apply_ruleset
($ruleset, $param->{verbose
});
# $code is defined on a line not shown. It is handed to run_locked(),
# presumably so compile and apply happen under one lock - confirm.
93 PVE
::Firewall
::run_locked
($code);
# Register the method described as "stop firewall". It builds one command
# list for the 'filter' table and passes it to iptables_restore_cmdlist().
# As the description states, the host is left unprotected afterwards.
# The closing braces of the 'if' and 'foreach' blocks and the definition of
# $code are on lines not present in this listing.
98 __PACKAGE__-
>register_method ({
102 description
=> "Stop firewall. This will remove all rules installed by this script. The host is then unprotected.",
# presumably makes the schema reject parameters that are not declared -
# confirm against PVE::JSONSchema
104 additionalProperties
=> 0,
107 returns
=> { type
=> 'null' },
# $chash: hash ref whose keys are used as chain names below.
# presumably these are only the chains created by this tool - confirm
# against iptables_get_chains()
113 my $chash = PVE
::Firewall
::iptables_get_chains
();
# The command list starts with the table selector and ends with COMMIT.
114 my $cmdlist = "*filter\n";
# Step 1: delete the jump from each built-in chain (INPUT, OUTPUT, FORWARD)
# into its PVEFW-* chain, but only if iptables_rule_exist() reports it.
115 my $rule = "INPUT -j PVEFW-INPUT";
116 if (PVE
::Firewall
::iptables_rule_exist
($rule)) {
117 $cmdlist .= "-D $rule\n";
119 $rule = "OUTPUT -j PVEFW-OUTPUT";
120 if (PVE
::Firewall
::iptables_rule_exist
($rule)) {
121 $cmdlist .= "-D $rule\n";
124 $rule = "FORWARD -j PVEFW-FORWARD";
125 if (PVE
::Firewall
::iptables_rule_exist
($rule)) {
126 $cmdlist .= "-D $rule\n";
# Step 2: flush (-F) every chain first, then delete (-X) every chain in a
# second pass. presumably the two passes exist because a chain still
# referenced by a rule in another chain cannot be deleted - confirm.
# NOTE(review): chain names are interpolated into the command list unquoted;
# this assumes they contain no whitespace or newlines - confirm.
129 foreach my $chain (keys %$chash) {
130 $cmdlist .= "-F $chain\n";
132 foreach my $chain (keys %$chash) {
133 $cmdlist .= "-X $chain\n";
135 $cmdlist .= "COMMIT\n";
# Hand the complete list over in a single call.
137 PVE
::Firewall
::iptables_restore_cmdlist
($cmdlist);
# $code is defined on a line not shown. It is handed to run_locked(),
# presumably so the teardown cannot interleave with a concurrent
# compile/apply - confirm.
140 PVE
::Firewall
::run_locked
($code);
# Look up the local node name; where it is used is not visible in this
# listing.
145 my $nodename = PVE
::INotify
::nodename
();
# Entries of the command table ($cmddef; its opening line is not shown).
# Each sub-command name maps to [ package, registered method name, [] ].
# presumably the empty array ref lists positional arguments - confirm
# against PVE::CLIHandler
148 compile
=> [ __PACKAGE__
, 'compile', []],
149 start
=> [ __PACKAGE__
, 'start', []],
150 stop
=> [ __PACKAGE__
, 'stop', []],
# Dispatch: pass the table, the program name "pvefw", the selected command
# and a reference to the remaining command-line arguments to the CLI
# handler. $cmd is assigned on a line not shown.
155 PVE
::CLIHandler
::handle_cmd
($cmddef, "pvefw", $cmd, \
@ARGV, undef, $0);