70a2beecd954f867174c45fe7758d4812b22d65b
10 use PVE
::RPCEnvironment
;
12 use PVE
::JSONSchema
qw(get_standard_option);
16 use base
qw(PVE::CLIHandler);
# Pin PATH to the fixed system directories before anything else runs, so
# that programs this script later starts by bare name (for example
# 'shorewall') are not looked up in directories inherited from the
# caller's environment.
$ENV{PATH} = '/sbin:/bin:/usr/sbin:/usr/bin';

# $> is the effective UID. Everything below runs as 'root@pam', so this
# check is the only access gate visible in this listing.
unless ($> == 0) {
    die "please run as root\n";
}

PVE::INotify::inotify_init();

# Set up an RPC environment of type 'cli' and bind it to the root@pam
# identity; the language is taken from the caller's LANG variable.
my $rpcenv = PVE::RPCEnvironment->init('cli');
$rpcenv->init_request();
$rpcenv->set_language($ENV{LANG});
$rpcenv->set_user('root@pam');
32 __PACKAGE__-
>register_method({
37 additionalProperties
=> 0,
39 vmid
=> get_standard_option
('pve-vmid'),
46 returns
=> { type
=> 'null' },
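# Handler statements of the first vmid/netid method in this file (its
# command table entry suggests 'enablevmfw'). The enclosing
# register_method call and the sub header are not visible in this listing.
#
# Reads the VM configuration and generates tap firewall rules for its
# network devices. When netid is given, only that device is processed.
my $vmid  = $param->{vmid};
my $netid = $param->{netid};

my $conf = PVE::QemuServer::load_config($vmid);

foreach my $opt (keys %$conf) {
    # Only keys of the form netN describe network devices.
    next if $opt !~ m/^net(\d+)$/;

    my $net = PVE::QemuServer::parse_net($conf->{$opt});

    # $opt is a string such as "net0", so it has to be compared with 'ne'.
    # The numeric '!=' turns every "netN" string into 0, which made the
    # netid filter ineffective: rules were generated for interfaces the
    # caller did not select.
    # NOTE(review): assumes netid is passed in the same "netN" form as the
    # config key; the parameter schema is not visible here -- confirm.
    next if $netid && $opt ne $netid;

    PVE::Firewall::generate_tap_rules($net, $opt, $vmid);
}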
67 __PACKAGE__-
>register_method({
68 name
=> 'disablevmfw',
69 path
=> 'disablevmfw',
72 additionalProperties
=> 0,
74 vmid
=> get_standard_option
('pve-vmid'),
82 returns
=> { type
=> 'null' },
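# Handler statements of the 'disablevmfw' method. The sub header and the
# end of the enclosing register_method call are not visible in this listing.
#
# Reads the VM configuration and flushes the tap firewall rules of its
# network devices. When netid is given, only that device is processed.
my $vmid  = $param->{vmid};
my $netid = $param->{netid};

my $conf = PVE::QemuServer::load_config($vmid);

foreach my $opt (keys %$conf) {
    # Only keys of the form netN describe network devices.
    next if $opt !~ m/^net(\d+)$/;

    my $net = PVE::QemuServer::parse_net($conf->{$opt});

    # $opt is a string such as "net0", so it has to be compared with 'ne'.
    # The numeric '!=' turns every "netN" string into 0, so the netid
    # filter never skipped anything: a request to drop the rules of one
    # interface flushed the rules of every interface of the VM.
    # NOTE(review): assumes netid is passed in the same "netN" form as the
    # config key; the parameter schema is not visible here -- confirm.
    next if $netid && $opt ne $netid;

    PVE::Firewall::flush_tap_rules($net, $opt, $vmid);
}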
103 __PACKAGE__-
>register_method({
104 name
=> 'enablegroup',
105 path
=> 'enablegroup',
108 additionalProperties
=> 0,
115 returns
=> { type
=> 'null' },
# Handler statements of 'enablegroup': the securitygroup parameter is
# handed to PVE::Firewall unchanged. Any validation of the group name
# depends on the parameter schema, which is not visible in this listing.
my $group = $param->{securitygroup};

PVE::Firewall::enable_group_rules($group);
125 __PACKAGE__-
>register_method({
126 name
=> 'disablegroup',
127 path
=> 'disablegroup',
130 additionalProperties
=> 0,
138 returns
=> { type
=> 'null' },
# Handler statements of 'disablegroup': the securitygroup parameter is
# handed to PVE::Firewall unchanged. Any validation of the group name
# depends on the parameter schema, which is not visible in this listing.
my $group = $param->{securitygroup};

PVE::Firewall::disable_group_rules($group);
148 __PACKAGE__-
>register_method({
149 name
=> 'enablehostfw',
150 path
=> 'enablehostfw',
153 additionalProperties
=> 0,
156 returns
=> { type
=> 'null' },
# Handler statement of 'enablehostfw'; takes no arguments.
PVE::Firewall::enablehostfw();
166 __PACKAGE__-
>register_method({
167 name
=> 'disablehostfw',
168 path
=> 'disablehostfw',
171 additionalProperties
=> 0,
174 returns
=> { type
=> 'null' },
# Handler statement of 'disablehostfw'; takes no arguments.
PVE::Firewall::disablehostfw();
184 __PACKAGE__-
>register_method ({
188 description
=> "Compile firewall rules.",
190 additionalProperties
=> 0,
193 returns
=> { type
=> 'null' },
# Handler statement of the method described as "Compile firewall rules."
PVE::Firewall::compile();
203 __PACKAGE__-
>register_method ({
207 description
=> "Start firewall.",
209 additionalProperties
=> 0,
212 returns
=> { type
=> 'null' },
# Handler statement of the method described as "Start firewall."
PVE::Firewall::compile_and_start();
222 __PACKAGE__-
>register_method ({
226 description
=> "Restart firewall.",
228 additionalProperties
=> 0,
231 returns
=> { type
=> 'null' },
# Handler statement of the method described as "Restart firewall."
# Same entry point as start, called with a true argument; what the flag
# means is defined in PVE::Firewall, which is not shown here.
PVE::Firewall::compile_and_start(1);
241 __PACKAGE__-
>register_method ({
245 description
=> "Stop firewall.",
247 additionalProperties
=> 0,
250 returns
=> { type
=> 'null' },
# Handler statement of the method described as "Stop firewall."
# The command is passed as a list with fixed arguments and no caller input.
# 'shorewall' is given by bare name, so it resolves through the PATH that
# this script pins at start-up.
# NOTE(review): presumably run_command executes an array ref without a
# shell -- confirm in PVE::Tools.
my @stop_cmd = ('shorewall', 'stop');
PVE::Tools::run_command(\@stop_cmd);
260 __PACKAGE__-
>register_method ({
264 description
=> "Clear will remove all rules installed by this script. The host is then unprotected.",
266 additionalProperties
=> 0,
269 returns
=> { type
=> 'null' },
# Handler statement of 'clear'. Per the method description this removes
# all rules installed by this script and leaves the host unprotected.
# The command is passed as a list with fixed arguments and no caller input.
# 'shorewall' is given by bare name, so it resolves through the PATH that
# this script pins at start-up.
# NOTE(review): presumably run_command executes an array ref without a
# shell -- confirm in PVE::Tools.
my @clear_cmd = ('shorewall', 'clear');
PVE::Tools::run_command(\@clear_cmd);
# Name of the local node, as reported by PVE::INotify. It is not
# referenced in the lines visible in this listing.
my $nodename = PVE::INotify::nodename();
282 compile
=> [ __PACKAGE__
, 'compile', []],
283 start
=> [ __PACKAGE__
, 'start', []],
284 restart
=> [ __PACKAGE__
, 'restart', []],
285 stop
=> [ __PACKAGE__
, 'stop', []],
286 clear
=> [ __PACKAGE__
, 'clear', []],
287 enablevmfw
=> [ __PACKAGE__
, 'enablevmfw', []],
288 disablevmfw
=> [ __PACKAGE__
, 'disablevmfw', []],
289 enablehostfw
=> [ __PACKAGE__
, 'enablehostfw', []],
290 disablehostfw
=> [ __PACKAGE__
, 'disablehostfw', []],
291 enablegroup
=> [ __PACKAGE__
, 'enablegroup', []],
292 disablegroup
=> [ __PACKAGE__
, 'disablegroup', []],
# Dispatch the requested sub-command through the command table. The
# remaining command-line arguments are passed by reference.
# NOTE(review): argument checking against each method's parameter schema
# presumably happens inside PVE::CLIHandler -- confirm. $cmddef and $cmd
# are set on lines not visible in this listing.
PVE::CLIHandler::handle_cmd(
    $cmddef,
    "pvefw",
    $cmd,
    \@ARGV,
    undef,
    $0,
);