From 72d055fc4a0ddb512efc72712416910d55c93781 Mon Sep 17 00:00:00 2001 From: Alen Grizonic Date: Thu, 25 Jun 2015 10:06:27 +0200 Subject: [PATCH] firewall autodisable firewall enable parameter type changed from boolean to integer so it can store the timestamp of the firewall enable call to avoid an admin remote lockout Signed-off-by: Alen Grizonic --- src/PVE/API2/Firewall/Cluster.pm | 7 ++++--- src/PVE/Firewall.pm | 8 ++++++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/src/PVE/API2/Firewall/Cluster.pm b/src/PVE/API2/Firewall/Cluster.pm index 0f6b98c..b924f4e 100644 --- a/src/PVE/API2/Firewall/Cluster.pm +++ b/src/PVE/API2/Firewall/Cluster.pm @@ -73,7 +73,8 @@ __PACKAGE__->register_method({ my $option_properties = { enable => { - type => 'boolean', + type => 'integer', + minimum => 0, optional => 1, }, policy_in => { @@ -163,8 +164,8 @@ __PACKAGE__->register_method({ } } - if (defined($param->{enable})) { - $param->{enable} = $param->{enable} ? 1 : 0; + if (defined($param->{enable}) && ($param->{enable} > 1)) { + $param->{enable} = time(); } foreach my $k (keys %$option_properties) { diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index f0c105e..93c2286 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -1106,7 +1106,8 @@ my $rule_properties = { optional => 1, }, enable => { - type => 'boolean', + type => 'integer', + minimum => 0, optional => 1, }, sport => { @@ -2360,9 +2361,12 @@ sub parse_clusterfw_option { my ($opt, $value); - if ($line =~ m/^(enable):\s*(0|1)\s*$/i) { + if ($line =~ m/^(enable):\s*(\d+)\s*$/i) { $opt = lc($1); $value = int($2); + if (($value > 1) && ((time() - $value) > 60)) { + $value = 0 + } } elsif ($line =~ m/^(policy_(in|out)):\s*(ACCEPT|DROP|REJECT)\s*$/i) { $opt = lc($1); $value = uc($3); -- 2.39.2