[pve-firewall.git] / pvefw

#!/usr/bin/perl -w

use strict;
use lib qw(.);
use PVE::Firewall;

use PVE::SafeSyslog;
use PVE::Cluster;
use PVE::INotify;
use PVE::RPCEnvironment;

use PVE::JSONSchema qw(get_standard_option);

use PVE::CLIHandler;

use base qw(PVE::CLIHandler);

$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';

initlog ('pvefw');

die "please run as root\n" if $> != 0;

PVE::INotify::inotify_init();

my $rpcenv = PVE::RPCEnvironment->init('cli');

$rpcenv->init_request();
$rpcenv->set_language($ENV{LANG});
$rpcenv->set_user('root@pam');


__PACKAGE__->register_method ({
    name => 'compile',
    path => 'compile',
    method => 'POST',
    description => "Compile firewall rules.",
    parameters => {
    	additionalProperties => 0,
	properties => {},
    },
    returns => { type => 'null' },

    code => sub {
	my ($param) = @_;

	PVE::Firewall::compile();

	return undef;
    }});

__PACKAGE__->register_method ({
    name => 'start',
    path => 'start',
    method => 'POST',
    description => "Start firewall.",
    parameters => {
    	additionalProperties => 0,
	properties => {},
    },
    returns => { type => 'null' },

    code => sub {
	my ($param) = @_;

	PVE::Firewall::compile_and_start();

	return undef;
    }});

__PACKAGE__->register_method ({
    name => 'restart',
    path => 'restart',
    method => 'POST',
    description => "Restart firewall.",
    parameters => {
    	additionalProperties => 0,
	properties => {},
    },
    returns => { type => 'null' },

    code => sub {
	my ($param) = @_;

	PVE::Firewall::compile_and_start(1);

	return undef;
    }});

__PACKAGE__->register_method ({
    name => 'stop',
    path => 'stop',
    method => 'POST',
    description => "Stop firewall.",
    parameters => {
    	additionalProperties => 0,
	properties => {},
    },
    returns => { type => 'null' },

    code => sub {
	my ($param) = @_;

	PVE::Tools::run_command(['shorewall', 'stop']);

	return undef;
    }});

__PACKAGE__->register_method ({
    name => 'clear',
    path => 'clear',
    method => 'POST',
    description => "Clear will remove all rules installed by this script. The host is then unprotected.",
    parameters => {
    	additionalProperties => 0,
	properties => {},
    },
    returns => { type => 'null' },

    code => sub {
	my ($param) = @_;

	PVE::Tools::run_command(['shorewall', 'clear']);

	return undef;
    }});

my $nodename = PVE::INotify::nodename();

my $cmddef = {
    compile => [ __PACKAGE__, 'compile', []],
    start => [ __PACKAGE__, 'start', []],
    restart => [ __PACKAGE__, 'restart', []],
    stop => [ __PACKAGE__, 'stop', []],
    clear => [ __PACKAGE__, 'clear', []],
};

my $cmd = shift;

PVE::CLIHandler::handle_cmd($cmddef, "pvefw", $cmd, \@ARGV, undef, $0);

exit(0);
Commit	Line	Data
b6360c3f DM	1	#!/usr/bin/perl -w
	2
	3	use strict;
	4	use lib qw(.);
	5	use PVE::Firewall;
dddd9413	6
80bfe1ff DM	7	use PVE::SafeSyslog;
	8	use PVE::Cluster;
	9	use PVE::INotify;
	10	use PVE::RPCEnvironment;
b6360c3f	11
80bfe1ff DM	12	use PVE::JSONSchema qw(get_standard_option);
	13
	14	use PVE::CLIHandler;
	15
	16	use base qw(PVE::CLIHandler);
	17
	18	$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
	19
	20	initlog ('pvefw');
	21
	22	die "please run as root\n" if $> != 0;
	23
	24	PVE::INotify::inotify_init();
	25
	26	my $rpcenv = PVE::RPCEnvironment->init('cli');
	27
	28	$rpcenv->init_request();
	29	$rpcenv->set_language($ENV{LANG});
	30	$rpcenv->set_user('root@pam');
b6360c3f	31
9aab3127	32
80bfe1ff DM	33	__PACKAGE__->register_method ({
	34	name => 'compile',
	35	path => 'compile',
	36	method => 'POST',
	37	description => "Compile firewall rules.",
	38	parameters => {
	39	additionalProperties => 0,
	40	properties => {},
	41	},
	42	returns => { type => 'null' },
	43
	44	code => sub {
	45	my ($param) = @_;
	46
5e1267a5	47	PVE::Firewall::compile();
f789653a	48
5e1267a5 DM	49	return undef;
5e1267a5 DM	50	}});
80bfe1ff	51
5e1267a5 DM	52	__PACKAGE__->register_method ({
	53	name => 'start',
	54	path => 'start',
	55	method => 'POST',
	56	description => "Start firewall.",
	57	parameters => {
	58	additionalProperties => 0,
	59	properties => {},
	60	},
	61	returns => { type => 'null' },
80bfe1ff	62
5e1267a5 DM	63	code => sub {
5e1267a5 DM	64	my ($param) = @_;
80bfe1ff	65
5e1267a5	66	PVE::Firewall::compile_and_start();
80bfe1ff DM	67
80bfe1ff DM	68	return undef;
80bfe1ff DM	69	}});
	70
	71	__PACKAGE__->register_method ({
5e1267a5 DM	72	name => 'restart',
5e1267a5 DM	73	path => 'restart',
80bfe1ff	74	method => 'POST',
5e1267a5	75	description => "Restart firewall.",
80bfe1ff DM	76	parameters => {
	77	additionalProperties => 0,
	78	properties => {},
	79	},
	80	returns => { type => 'null' },
	81
	82	code => sub {
	83	my ($param) = @_;
	84
5e1267a5	85	PVE::Firewall::compile_and_start(1);
80bfe1ff DM	86
	87	return undef;
	88	}});
	89
	90	__PACKAGE__->register_method ({
	91	name => 'stop',
	92	path => 'stop',
	93	method => 'POST',
	94	description => "Stop firewall.",
	95	parameters => {
	96	additionalProperties => 0,
	97	properties => {},
	98	},
	99	returns => { type => 'null' },
	100
	101	code => sub {
	102	my ($param) = @_;
	103
	104	PVE::Tools::run_command(['shorewall', 'stop']);
	105
	106	return undef;
	107	}});
	108
	109	__PACKAGE__->register_method ({
	110	name => 'clear',
	111	path => 'clear',
	112	method => 'POST',
	113	description => "Clear will remove all rules installed by this script. The host is then unprotected.",
	114	parameters => {
	115	additionalProperties => 0,
	116	properties => {},
	117	},
	118	returns => { type => 'null' },
	119
	120	code => sub {
	121	my ($param) = @_;
	122
	123	PVE::Tools::run_command(['shorewall', 'clear']);
	124
	125	return undef;
	126	}});
	127
	128	my $nodename = PVE::INotify::nodename();
	129
	130	my $cmddef = {
	131	compile => [ __PACKAGE__, 'compile', []],
	132	start => [ __PACKAGE__, 'start', []],
5e1267a5	133	restart => [ __PACKAGE__, 'restart', []],
80bfe1ff DM	134	stop => [ __PACKAGE__, 'stop', []],
	135	clear => [ __PACKAGE__, 'clear', []],
	136	};
	137
	138	my $cmd = shift;
	139
	140	PVE::CLIHandler::handle_cmd($cmddef, "pvefw", $cmd, \@ARGV, undef, $0);
b6360c3f DM	141
b6360c3f DM	142	exit(0);
80bfe1ff	143