remove shorewall specific commands
b6360c3f
DM
1#!/usr/bin/perl -w
2
3use strict;
4use lib qw(.);
5use PVE::Firewall;
dddd9413 6
80bfe1ff
DM
7use PVE::SafeSyslog;
8use PVE::Cluster;
9use PVE::INotify;
10use PVE::RPCEnvironment;
b6360c3f 11
80bfe1ff
DM
12use PVE::JSONSchema qw(get_standard_option);
13
14use PVE::CLIHandler;
15
16use base qw(PVE::CLIHandler);
17
# Replace the inherited PATH with a fixed list of system directories, so any
# external command started later is resolved only from those directories.
$ENV{PATH} = '/sbin:/bin:/usr/sbin:/usr/bin';

initlog('pvefw');

# $> is the effective uid; refuse to run for anyone but root.
if ($> != 0) {
    die "please run as root\n";
}

PVE::INotify::inotify_init();

# Set up the RPC environment in 'cli' mode. Every command handled by this
# script runs with the identity 'root@pam'.
my $rpcenv = PVE::RPCEnvironment->init('cli');

$rpcenv->init_request();
$rpcenv->set_language($ENV{LANG});
$rpcenv->set_user('root@pam');
b6360c3f 31
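# Command 'enablevmfw': generate the tap firewall rules for the network
# devices of one VM.
#
# Parameters:
#   vmid  - VM id (standard 'pve-vmid' option).
#   netid - optional config key of a single device (must look like 'net0' to
#           match anything); when given, only that device is processed.
# Returns: undef (schema type 'null').
__PACKAGE__->register_method({
    name => 'enablevmfw',
    path => 'enablevmfw',
    method => 'POST',
    parameters => {
        additionalProperties => 0,
        properties => {
            vmid => get_standard_option('pve-vmid'),
            netid => {
                type => 'string',
                optional => 1
            },
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        my $vmid = $param->{vmid};
        my $netid = $param->{netid};

        # test if VM exists
        # NOTE(review): presumably load_config dies for an unknown vmid - confirm.
        # NOTE(review): PVE::QemuServer is not loaded by this script itself;
        # presumably PVE::Firewall pulls it in - confirm.
        my $conf = PVE::QemuServer::load_config($vmid);

        foreach my $opt (keys %$conf) {
            # Only the netN entries of the VM config describe network devices.
            next if $opt !~ m/^net(\d+)$/;
            my $net = PVE::QemuServer::parse_net($conf->{$opt});
            next if !$net;
            # Compare as strings: keys such as 'net0' and 'net1' are not
            # numbers, so a numeric '!=' sees them all as equal and the netid
            # filter would never skip a device.
            # NOTE(review): a netid that matches no device is a silent no-op,
            # so no rules are generated and no error is reported.
            next if $netid && $opt ne $netid;
            PVE::Firewall::generate_tap_rules($net, $opt, $vmid);
        }

        return undef;
    }});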
66
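# Command 'disablevmfw': flush the tap firewall rules for the network devices
# of one VM.
#
# Parameters:
#   vmid  - VM id (standard 'pve-vmid' option).
#   netid - optional config key of a single device (must look like 'net0' to
#           match anything); when given, only that device is processed.
# Returns: undef (schema type 'null').
__PACKAGE__->register_method({
    name => 'disablevmfw',
    path => 'disablevmfw',
    method => 'POST',
    parameters => {
        additionalProperties => 0,
        properties => {
            vmid => get_standard_option('pve-vmid'),
            netid => {
                type => 'string',
                optional => 1
            },

        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        my $vmid = $param->{vmid};
        my $netid = $param->{netid};

        # test if VM exists
        # NOTE(review): presumably load_config dies for an unknown vmid - confirm.
        # NOTE(review): PVE::QemuServer is not loaded by this script itself;
        # presumably PVE::Firewall pulls it in - confirm.
        my $conf = PVE::QemuServer::load_config($vmid);

        foreach my $opt (keys %$conf) {
            # Only the netN entries of the VM config describe network devices.
            next if $opt !~ m/^net(\d+)$/;
            my $net = PVE::QemuServer::parse_net($conf->{$opt});
            next if !$net;
            # Compare as strings: keys such as 'net0' and 'net1' are not
            # numbers, so a numeric '!=' sees them all as equal. With '!=' a
            # request for one device would flush the rules of every device
            # of the VM.
            next if $netid && $opt ne $netid;
            PVE::Firewall::flush_tap_rules($net, $opt, $vmid);
        }

        return undef;
    }});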
9aab3127 102
9d31b418
AD
# Command 'enablegroup': hand the named security group to
# PVE::Firewall::enable_group_rules().
#
# Parameters:
#   securitygroup - group name; the schema accepts any string.
# Returns: undef (schema type 'null').
__PACKAGE__->register_method({
    name => 'enablegroup',
    path => 'enablegroup',
    method => 'POST',
    parameters => {
        additionalProperties => 0,
        properties => {
            securitygroup => {
                type => 'string',
            },
        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        # NOTE(review): the name is not constrained by the schema; whether
        # enable_group_rules() validates it is not visible here - confirm.
        PVE::Firewall::enable_group_rules($param->{securitygroup});

        return undef;
    }});
124
# Command 'disablegroup': hand the named security group to
# PVE::Firewall::disable_group_rules().
#
# Parameters:
#   securitygroup - group name; the schema accepts any string.
# Returns: undef (schema type 'null').
__PACKAGE__->register_method({
    name => 'disablegroup',
    path => 'disablegroup',
    method => 'POST',
    parameters => {
        additionalProperties => 0,
        properties => {
            securitygroup => {
                type => 'string',
            },

        },
    },
    returns => { type => 'null' },
    code => sub {
        my ($param) = @_;

        # NOTE(review): the name is not constrained by the schema; whether
        # disable_group_rules() validates it is not visible here - confirm.
        PVE::Firewall::disable_group_rules($param->{securitygroup});

        return undef;
    }});
147
0bd5f137
AD
# Command 'enablehostfw': takes no parameters and delegates to
# PVE::Firewall::enablehostfw(). Returns undef (schema type 'null').
__PACKAGE__->register_method({
    name => 'enablehostfw',
    path => 'enablehostfw',
    method => 'POST',
    parameters => {
        additionalProperties => 0,
        properties => {},
    },
    returns => { type => 'null' },

    code => sub {
        my ($param) = @_;    # unused: the schema defines no properties

        PVE::Firewall::enablehostfw();

        return undef;
    }});
165
# Command 'disablehostfw': takes no parameters and delegates to
# PVE::Firewall::disablehostfw(). Returns undef (schema type 'null').
__PACKAGE__->register_method({
    name => 'disablehostfw',
    path => 'disablehostfw',
    method => 'POST',
    parameters => {
        additionalProperties => 0,
        properties => {},
    },
    returns => { type => 'null' },

    code => sub {
        my ($param) = @_;    # unused: the schema defines no properties

        PVE::Firewall::disablehostfw();

        return undef;
    }});
183
80bfe1ff
DM
# Command 'compile': takes no parameters and delegates to
# PVE::Firewall::compile(). Returns undef (schema type 'null').
__PACKAGE__->register_method({
    name => 'compile',
    path => 'compile',
    method => 'POST',
    description => "Compile firewall rules.",
    parameters => {
        additionalProperties => 0,
        properties => {},
    },
    returns => { type => 'null' },

    code => sub {
        my ($param) = @_;    # unused: the schema defines no properties

        PVE::Firewall::compile();

        return undef;
    }});
80bfe1ff 202
5e1267a5
DM
# Command 'start': takes no parameters and delegates to
# PVE::Firewall::compile_and_start(). Returns undef (schema type 'null').
__PACKAGE__->register_method({
    name => 'start',
    path => 'start',
    method => 'POST',
    description => "Start (or restart if already active) firewall.",
    parameters => {
        additionalProperties => 0,
        properties => {},
    },
    returns => { type => 'null' },

    code => sub {
        my ($param) = @_;    # unused: the schema defines no properties

        PVE::Firewall::compile_and_start();

        return undef;
    }});
221
80bfe1ff
DM
# Command 'stop': registered with no parameters, but NOT implemented. The
# handler dies unconditionally, so despite the description no rules are
# removed when it is invoked.
__PACKAGE__->register_method({
    name => 'stop',
    path => 'stop',
    method => 'POST',
    description => "Stop firewall. This will remove all rules installed by this script. The host is then unprotected.",
    parameters => {
        additionalProperties => 0,
        properties => {},
    },
    returns => { type => 'null' },

    code => sub {
        my ($param) = @_;    # unused: the schema defines no properties

        die "implement me";

        # Never reached while the die above is in place.
        return undef;
    }});
240
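# Not referenced again in this script.
my $nodename = PVE::INotify::nodename();

# Command table handed to PVE::CLIHandler::handle_cmd(): CLI command name =>
# [ class, registered method name, positional argument names ].
my $cmddef = {
    compile => [ __PACKAGE__, 'compile', []],
    start => [ __PACKAGE__, 'start', []],
    # No 'restart' method is registered in this file, so the former mapping
    # to 'restart' pointed at nothing. 'start' is described as restarting an
    # already active firewall, so 'restart' is dispatched to it.
    restart => [ __PACKAGE__, 'start', []],
    stop => [ __PACKAGE__, 'stop', []],
    enablevmfw => [ __PACKAGE__, 'enablevmfw', []],
    disablevmfw => [ __PACKAGE__, 'disablevmfw', []],
    enablehostfw => [ __PACKAGE__, 'enablehostfw', []],
    disablehostfw => [ __PACKAGE__, 'disablehostfw', []],
    enablegroup => [ __PACKAGE__, 'enablegroup', []],
    disablegroup => [ __PACKAGE__, 'disablegroup', []],
};

# First command-line argument selects the command; the rest stays in @ARGV.
my $cmd = shift;

PVE::CLIHandler::handle_cmd($cmddef, "pvefw", $cmd, \@ARGV, undef, $0);

exit(0);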
80bfe1ff 261