Ext.define('PVE.FirewallOptions', {
- extend: 'PVE.grid.ObjectGrid',
+ extend: 'Proxmox.grid.ObjectGrid',
alias: ['widget.pveFirewallOptions'],
fwtype: undefined, // 'dc', 'node' or 'vm'
base_url: undefined,
- initComponent : function() {
- /*jslint confusion: true */
-
+ initComponent: function() {
var me = this;
if (!me.base_url) {
throw "unknown firewall option type";
}
- var rows = {};
+ let caps = Ext.state.Manager.get('GuiCap');
+ let canEdit = caps.vms['VM.Config.Network'] || caps.dc['Sys.Modify'] || caps.nodes['Sys.Modify'];
- var add_boolean_row = function(name, text, defaultValue, labelWidth) {
- rows[name] = {
- header: text,
- required: true,
- defaultValue: defaultValue || 0,
- renderer: PVE.Utils.format_boolean,
- editor: {
- xtype: 'pveWindowEdit',
- subject: text,
- fieldDefaults: { labelWidth: labelWidth || 100 },
- items: {
- xtype: 'pvecheckbox',
- defaultValue: defaultValue || 0,
- checked: defaultValue ? true : false,
- name: name,
- uncheckedValue: 0,
- fieldLabel: text
- }
- }
- };
- };
+ me.rows = {};
- var add_integer_row = function(name, text, labelWidth, minValue) {
- rows[name] = {
- header: text,
- required: true,
+ var add_boolean_row = function(name, text, defaultValue) {
+ me.add_boolean_row(name, text, { defaultValue: defaultValue });
+ };
+ var add_integer_row = function(name, text, minValue, labelWidth) {
+ me.add_integer_row(name, text, {
+ minValue: minValue,
+ deleteEmpty: true,
+ labelWidth: labelWidth,
renderer: function(value) {
- return value || PVE.Utils.defaultText;
- },
- editor: {
- xtype: 'pveWindowEdit',
- subject: text,
- fieldDefaults: { labelWidth: labelWidth || 100 },
- items: {
- xtype: 'numberfield',
- name: name,
- minValue: minValue,
- decimalPrecision: 0,
- fieldLabel: text,
- emptyText: gettext('Default'),
- getSubmitData: function() {
- var me = this;
- var val = me.getSubmitValue();
- if (val !== null && val !== '') {
- var data = {};
- data[name] = val;
- return data;
- } else {
- return { 'delete' : name };
- }
- }
+ if (value === undefined) {
+ return Proxmox.Utils.defaultText;
}
- }
- };
+
+ return value;
+ },
+ });
};
var add_log_row = function(name, labelWidth) {
- rows[name] = {
+ me.rows[name] = {
header: name,
required: true,
defaultValue: 'nolog',
editor: {
- xtype: 'pveWindowEdit',
+ xtype: 'proxmoxWindowEdit',
subject: name,
fieldDefaults: { labelWidth: labelWidth || 100 },
items: {
- xtype: 'pveKVComboBox',
+ xtype: 'pveFirewallLogLevels',
name: name,
fieldLabel: name,
- comboItems: [['nolog', 'nolog'], ['info', 'info'], ['err', 'err'],
- ['warning', 'warning'], ['crit', 'crit'], ['alert', 'alert'],
- ['emerg', 'emerg'], ['debug', 'debug']]
- }
- }
+ },
+ },
};
};
-
if (me.fwtype === 'node') {
- add_boolean_row('enable', gettext('Enable Firewall'), 1);
+ me.rows.enable = {
+ required: true,
+ defaultValue: 1,
+ header: gettext('Firewall'),
+ renderer: Proxmox.Utils.format_boolean,
+ editor: {
+ xtype: 'pveFirewallEnableEdit',
+ defaultValue: 1,
+ },
+ };
add_boolean_row('nosmurfs', gettext('SMURFS filter'), 1);
add_boolean_row('tcpflags', gettext('TCP flags filter'), 0);
- add_boolean_row('ndp', gettext('Enable NDP'), 1);
- add_integer_row('nf_conntrack_max', 'nf_conntrack_max', 120, 32768);
- add_integer_row('nf_conntrack_tcp_timeout_established',
- 'nf_conntrack_tcp_timeout_established', 250, 7875);
+ add_boolean_row('ndp', 'NDP', 1);
+ add_integer_row('nf_conntrack_max', 'nf_conntrack_max', 32768, 120);
+ add_integer_row('nf_conntrack_tcp_timeout_established',
+ 'nf_conntrack_tcp_timeout_established', 7875, 250);
add_log_row('log_level_in');
add_log_row('log_level_out');
add_log_row('tcp_flags_log_level', 120);
add_log_row('smurf_log_level');
+ add_boolean_row('nftables', gettext('nftables (tech preview)'), 0);
} else if (me.fwtype === 'vm') {
- add_boolean_row('enable', gettext('Enable Firewall'), 0);
- add_boolean_row('dhcp', gettext('Enable DHCP'), 0);
- add_boolean_row('ndp', gettext('Enable NDP'), 1);
- add_boolean_row('radv', gettext('Allow Router Advertisement'), 0);
+ me.rows.enable = {
+ required: true,
+ defaultValue: 0,
+ header: gettext('Firewall'),
+ renderer: Proxmox.Utils.format_boolean,
+ editor: {
+ xtype: 'pveFirewallEnableEdit',
+ defaultValue: 0,
+ },
+ };
+ add_boolean_row('dhcp', 'DHCP', 1);
+ add_boolean_row('ndp', 'NDP', 1);
+ add_boolean_row('radv', gettext('Router Advertisement'), 0);
add_boolean_row('macfilter', gettext('MAC filter'), 1);
+ add_boolean_row('ipfilter', gettext('IP filter'), 0);
add_log_row('log_level_in');
add_log_row('log_level_out');
} else if (me.fwtype === 'dc') {
- add_boolean_row('enable', gettext('Enable Firewall'), 0);
- }
-
+ add_boolean_row('enable', gettext('Firewall'), 0);
+ add_boolean_row('ebtables', 'ebtables', 1);
+ me.rows.log_ratelimit = {
+ header: gettext('Log rate limit'),
+ required: true,
+ defaultValue: gettext('Default') + ' (enable=1,rate1/second,burst=5)',
+ editor: {
+ xtype: 'pveFirewallLograteEdit',
+ defaultValue: 'enable=1',
+ },
+ };
+ }
+
if (me.fwtype === 'dc' || me.fwtype === 'vm') {
- rows.policy_in = {
+ me.rows.policy_in = {
header: gettext('Input Policy'),
required: true,
defaultValue: 'DROP',
editor: {
- xtype: 'pveWindowEdit',
+ xtype: 'proxmoxWindowEdit',
subject: gettext('Input Policy'),
items: {
xtype: 'pveFirewallPolicySelector',
name: 'policy_in',
value: 'DROP',
- fieldLabel: gettext('Input Policy')
- }
- }
+ fieldLabel: gettext('Input Policy'),
+ },
+ },
};
- rows.policy_out = {
+ me.rows.policy_out = {
header: gettext('Output Policy'),
required: true,
defaultValue: 'ACCEPT',
editor: {
- xtype: 'pveWindowEdit',
+ xtype: 'proxmoxWindowEdit',
subject: gettext('Output Policy'),
items: {
xtype: 'pveFirewallPolicySelector',
name: 'policy_out',
value: 'ACCEPT',
- fieldLabel: gettext('Output Policy')
- }
- }
+ fieldLabel: gettext('Output Policy'),
+ },
+ },
};
}
- var reload = function() {
- me.rstore.load();
- };
-
- var run_editor = function() {
- var sm = me.getSelectionModel();
- var rec = sm.getSelection()[0];
- if (!rec) {
- return;
- }
-
- var rowdef = rows[rec.data.key];
- if (!rowdef.editor) {
- return;
- }
-
- var win;
- if (Ext.isString(rowdef.editor)) {
- win = Ext.create(rowdef.editor, {
- pveSelNode: me.pveSelNode,
- confid: rec.data.key,
- url: '/api2/extjs' + me.base_url
- });
- } else {
- var config = Ext.apply({
- pveSelNode: me.pveSelNode,
- confid: rec.data.key,
- url: '/api2/extjs' + me.base_url
- }, rowdef.editor);
- win = Ext.createWidget(rowdef.editor.xtype, config);
- win.load();
- }
-
- win.show();
- win.on('destroy', reload);
- };
-
var edit_btn = new Ext.Button({
text: gettext('Edit'),
disabled: true,
- handler: run_editor
+ handler: function() { me.run_editor(); },
});
var set_button_status = function() {
edit_btn.disable();
return;
}
- var rowdef = rows[rec.data.key];
- edit_btn.setDisabled(!rowdef.editor);
+ var rowdef = me.rows[rec.data.key];
+ if (canEdit) {
+ edit_btn.setDisabled(!rowdef.editor);
+ }
};
- Ext.applyIf(me, {
+ Ext.apply(me, {
url: "/api2/json" + me.base_url,
- cwidth1: 150,
- tbar: [ edit_btn ],
- rows: rows,
+ tbar: [edit_btn],
+ editorConfig: {
+ url: '/api2/extjs/' + me.base_url,
+ },
listeners: {
- itemdblclick: run_editor,
- selectionchange: set_button_status
- }
+ itemdblclick: () => { if (canEdit) { me.run_editor(); } },
+ selectionchange: set_button_status,
+ },
});
me.callParent();
- me.on('activate', reload);
- }
+ me.on('activate', me.rstore.startUpdate);
+ me.on('destroy', me.rstore.stopUpdate);
+ me.on('deactivate', me.rstore.stopUpdate);
+ },
+});
+
+
+Ext.define('PVE.FirewallLogLevels', {
+ extend: 'Proxmox.form.KVComboBox',
+ alias: ['widget.pveFirewallLogLevels'],
+
+ name: 'log',
+ fieldLabel: gettext('Log level'),
+ value: 'nolog',
+ comboItems: [['nolog', 'nolog'], ['emerg', 'emerg'], ['alert', 'alert'],
+ ['crit', 'crit'], ['err', 'err'], ['warning', 'warning'],
+ ['notice', 'notice'], ['info', 'info'], ['debug', 'debug']],
});