]>
git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Host.pm
1 package PVE
::API2
::Firewall
::Host
;
6 use PVE
::Exception
qw(raise_param_exc);
7 use PVE
::JSONSchema
qw(get_standard_option);
8 use PVE
::RPCEnvironment
;
11 use PVE
::API2
::Firewall
::Rules
;
14 use base
qw(PVE::RESTHandler);
16 __PACKAGE__-
>register_method ({
17 subclass
=> "PVE::API2::Firewall::HostRules",
21 __PACKAGE__-
>register_method({
25 permissions
=> { user
=> 'all' },
26 description
=> "Directory index.",
28 additionalProperties
=> 0,
30 node
=> get_standard_option
('pve-node'),
39 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
46 { name
=> 'options' },
53 my $option_properties = $PVE::Firewall
::host_option_properties
;
55 my $add_option_properties = sub {
56 my ($properties) = @_;
58 foreach my $k (keys %$option_properties) {
59 $properties->{$k} = $option_properties->{$k};
66 __PACKAGE__-
>register_method({
67 name
=> 'get_options',
70 description
=> "Get host firewall options.",
73 check
=> ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
76 additionalProperties
=> 0,
78 node
=> get_standard_option
('pve-node'),
83 #additionalProperties => 1,
84 properties
=> $option_properties,
89 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
90 my $hostfw_conf = PVE
::Firewall
::load_hostfw_conf
($cluster_conf);
92 return PVE
::Firewall
::copy_opject_with_digest
($hostfw_conf->{options
});
95 __PACKAGE__-
>register_method({
96 name
=> 'set_options',
99 description
=> "Set Firewall options.",
103 check
=> ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
106 additionalProperties
=> 0,
107 properties
=> &$add_option_properties({
108 node
=> get_standard_option
('pve-node'),
110 type
=> 'string', format
=> 'pve-configid-list',
111 description
=> "A list of settings you want to delete.",
114 digest
=> get_standard_option
('pve-config-digest'),
117 returns
=> { type
=> "null" },
121 PVE
::Firewall
::lock_hostfw_conf
(undef, 10, sub {
122 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
123 my $hostfw_conf = PVE
::Firewall
::load_hostfw_conf
($cluster_conf);
125 my (undef, $digest) = PVE
::Firewall
::copy_opject_with_digest
($hostfw_conf->{options
});
126 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
128 if ($param->{delete}) {
129 foreach my $opt (PVE
::Tools
::split_list
($param->{delete})) {
130 raise_param_exc
({ delete => "no such option '$opt'" })
131 if !$option_properties->{$opt};
132 delete $hostfw_conf->{options
}->{$opt};
136 if (defined($param->{enable
})) {
137 $param->{enable
} = $param->{enable
} ?
1 : 0;
140 foreach my $k (keys %$option_properties) {
141 next if !defined($param->{$k});
142 $hostfw_conf->{options
}->{$k} = $param->{$k};
145 PVE
::Firewall
::save_hostfw_conf
($hostfw_conf);
151 __PACKAGE__-
>register_method({
155 description
=> "Read firewall log",
158 check
=> ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]],
162 additionalProperties
=> 0,
164 node
=> get_standard_option
('pve-node'),
183 description
=> "Line number",
187 description
=> "Line text",
196 my $rpcenv = PVE
::RPCEnvironment
::get
();
197 my $user = $rpcenv->get_user();
198 my $node = $param->{node
};
200 my ($count, $lines) = PVE
::Tools
::dump_logfile
("/var/log/pve-firewall.log", $param->{start
}, $param->{limit
});
202 $rpcenv->set_result_attrib('total', $count);