git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/VM.pm
# Base class for the per-guest firewall API (options, log, refs).
# Only part of the file is shown on this page; "# ..." marks source lines
# that are not shown.
package PVE::API2::Firewall::VMBase;

# ...
use PVE::Exception qw(raise_param_exc);
use PVE::JSONSchema qw(get_standard_option);
# ...
use PVE::API2::Firewall::Rules;
use PVE::API2::Firewall::Aliases;
# ...
use base qw(PVE::RESTHandler);

# Schema of the guest-level firewall options, taken from PVE::Firewall.
# It serves three purposes below: the return schema of get_options, part of
# the parameter schema of set_options, and the allow-list of option names
# that set_options may delete or write.
my $option_properties = $PVE::Firewall::vm_option_properties;

# Copies every entry of $option_properties into the caller's properties hash
# (in place), so a method schema can accept all firewall options next to its
# own parameters.
my $add_option_properties = sub {
    my ($properties) = @_;

    foreach my $k (keys %$option_properties) {
        $properties->{$k} = $option_properties->{$k};
    # ... (end of the loop and of the sub not shown)
# Registers the per-guest firewall API methods on $class.  $rule_env is
# forwarded unchanged to PVE::Firewall::load_vmfw_conf by the handlers.
# Only part of the sub is shown on this page; "# ..." marks source lines
# that are not shown.
sub register_handlers {
    my ($class, $rule_env) = @_;

    # Directory index.  Access is declared as `user => 'all'`, i.e. it is not
    # tied to a privilege on /vms/{vmid} the way the `check` entries of the
    # methods below are.
    $class->register_method({
        # ...
        permissions => { user => 'all' },
        description => "Directory index.",
        # ...
            additionalProperties => 0,
            # ...
                node => get_standard_option('pve-node'),
                vmid => get_standard_option('pve-vmid'),
        # ...
            links => [ { rel => 'child', href => "{name}" } ],
        # ...
            { name => 'aliases' },
        # ...
            { name => 'options' },
    # ...

    # Read the guest's firewall options.  Requires VM.Audit on /vms/{vmid}.
    $class->register_method({
        name => 'get_options',
        # ...
        description => "Get VM firewall options.",
        # ...
            check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
        # ...
            additionalProperties => 0,
            # ...
                node => get_standard_option('pve-node'),
                vmid => get_standard_option('pve-vmid'),
        # ...
            #additionalProperties => 1,
            properties => $option_properties,
        # ...
            my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
            my $vmfw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, $rule_env, $param->{vmid});

            # Returns the helper's result for the options hash; set_options
            # calls the same helper in list context and uses its second
            # value as the digest.
            return PVE::Firewall::copy_opject_with_digest($vmfw_conf->{options});
    # ...

    # Change the guest's firewall options.  Requires VM.Config.Network on
    # /vms/{vmid}.  The parameter schema is the method's own fields plus
    # every entry of $option_properties.
    $class->register_method({
        name => 'set_options',
        # ...
        description => "Set Firewall options.",
        # ...
            check => ['perm', '/vms/{vmid}', [ 'VM.Config.Network' ]],
        # ...
            additionalProperties => 0,
            properties => &$add_option_properties({
                node => get_standard_option('pve-node'),
                vmid => get_standard_option('pve-vmid'),
                # ...
                    type => 'string', format => 'pve-configid-list',
                    description => "A list of settings you want to delete.",
                # ...
                digest => get_standard_option('pve-config-digest'),
        # ...
        returns => { type => "null" },
        # ...
            # Load, digest check, modify and save all happen inside the
            # callback handed to lock_vmfw_conf.  The literal 10 is
            # presumably the lock timeout in seconds -- confirm against
            # lock_vmfw_conf.
            PVE::Firewall::lock_vmfw_conf($param->{vmid}, 10, sub {
                my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
                my $vmfw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, $rule_env, $param->{vmid});

                # The digest is computed from the options as loaded inside
                # the callback and compared with the caller-supplied one, so
                # a request built on stale data can be rejected.
                # NOTE(review): whether a request that omits `digest` skips
                # this comparison depends on assert_if_modified -- confirm.
                my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($vmfw_conf->{options});
                PVE::Tools::assert_if_modified($digest, $param->{digest});

                # Deletions run before assignments, so an option named both
                # in `delete` and as a parameter ends up set.  Every name is
                # checked against the option schema before it is deleted.
                if ($param->{delete}) {
                    foreach my $opt (PVE::Tools::split_list($param->{delete})) {
                        raise_param_exc({ delete => "no such option '$opt'" })
                            if !$option_properties->{$opt};
                        delete $vmfw_conf->{options}->{$opt};
                # ...

                # Normalize any truthy/falsy `enable` value to 1 or 0.
                if (defined($param->{enable})) {
                    $param->{enable} = $param->{enable} ? 1 : 0;
                # ...

                # Allow-list copy: only keys defined in $option_properties
                # are taken from the request into the stored options.
                foreach my $k (keys %$option_properties) {
                    next if !defined($param->{$k});
                    $vmfw_conf->{options}->{$k} = $param->{$k};
                # ...

                PVE::Firewall::save_vmfw_conf($param->{vmid}, $vmfw_conf);
    # ...

    # Read the firewall log.  Requires VM.Console on /vms/{vmid}.
    $class->register_method({
        # ...
        description => "Read firewall log",
        # ...
            check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
        # ...
            additionalProperties => 0,
            # ...
                node => get_standard_option('pve-node'),
                vmid => get_standard_option('pve-vmid'),
        # ...
                    description => "Line number",
        # ...
                    description => "Line text",
        # ...
            my $rpcenv = PVE::RPCEnvironment::get();
            my $user = $rpcenv->get_user();
            my $vmid = $param->{vmid};

            # NOTE(review): the log path is a fixed file, the same for every
            # vmid, so limiting the output to this guest depends on the
            # remaining dump_logfile arguments, which are not shown here --
            # confirm that they filter on $vmid.  No use of $user is visible
            # in the lines shown.
            my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log",
                                                           $param->{start}, $param->{limit},
            # ... (remaining arguments not shown)

            $rpcenv->set_result_attrib('total', $count);
    # ...

    # List the IPSet/alias names usable in source/dest properties.  Requires
    # VM.Audit on /vms/{vmid}.
    $class->register_method({
        # ...
        description => "Lists possible IPSet/Alias reference which are allowed in source/dest properties.",
        # ...
            check => ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
        # ...
            additionalProperties => 0,
            # ...
                node => get_standard_option('pve-node'),
                vmid => get_standard_option('pve-vmid'),
                # ...
                    description => "Only list references of specified type.",
                    # ...
                    enum => ['alias', 'ipset'],
        # ...
                    enum => ['alias', 'ipset'],
        # ...
            my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
            my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, $rule_env, $param->{vmid});
            # ...

            # The cluster config is visited first and the guest config
            # second; entries are stored by name, so a guest-level entry
            # replaces a cluster-level entry of the same name.  The result
            # therefore includes cluster-level names as well.
            foreach my $conf (($cluster_conf, $fw_conf)) {
                # ...
                # An absent `type` parameter selects both kinds.
                if (!$param->{type} || $param->{type} eq 'ipset') {
                    foreach my $name (keys %{$conf->{ipset}}) {
                        # ... ($data is built on lines not shown)
                        if (my $comment = $conf->{ipset_comments}->{$name}) {
                            $data->{comment} = $comment;
                        # ...
                        $ipsets->{$name} = $data;
                # ...
                if (!$param->{type} || $param->{type} eq 'alias') {
                    foreach my $name (keys %{$conf->{aliases}}) {
                        my $e = $conf->{aliases}->{$name};
                        # ... ($data is built on lines not shown)
                        $data->{comment} = $e->{comment} if $e->{comment};
                        $aliases->{$name} = $data;
            # ...

            # Flatten both maps into the result list, IPSets first.
            foreach my $e (values %$ipsets) { push @$res, $e; };
            foreach my $e (values %$aliases) { push @$res, $e; };
    # ... (rest of the sub not shown)
# API class for VMs: mounts the VMRules, VMAliases and VMIPSetList
# sub-handlers, then registers the shared VMBase methods with rule_env 'vm'.
# Only part of this section is shown on the page; "# ..." marks source lines
# that are not shown.
package PVE::API2::Firewall::VM;

# ...
use base qw(PVE::API2::Firewall::VMBase);

__PACKAGE__->register_method ({
    subclass => "PVE::API2::Firewall::VMRules",
    # ...

__PACKAGE__->register_method ({
    subclass => "PVE::API2::Firewall::VMAliases",
    # ...

__PACKAGE__->register_method ({
    subclass => "PVE::API2::Firewall::VMIPSetList",
    # ...

__PACKAGE__->register_handlers('vm');
# API class for containers: mounts the CTRules, CTAliases and CTIPSetList
# sub-handlers, then registers the shared VMBase methods.
# Only part of this section is shown on the page; "# ..." marks source lines
# that are not shown.
package PVE::API2::Firewall::CT;

# ...
use base qw(PVE::API2::Firewall::VMBase);

__PACKAGE__->register_method ({
    subclass => "PVE::API2::Firewall::CTRules",
    # ...

__PACKAGE__->register_method ({
    subclass => "PVE::API2::Firewall::CTAliases",
    # ...

__PACKAGE__->register_method ({
    subclass => "PVE::API2::Firewall::CTIPSetList",
    # ...

# NOTE(review): the rule_env passed here is 'vm', the same value the
# PVE::API2::Firewall::VM package uses, although the sub-handlers above are
# CT-specific.  VMBase forwards this value to PVE::Firewall::load_vmfw_conf;
# confirm that 'vm' is intended for containers.
__PACKAGE__->register_handlers('vm');