]>
git.proxmox.com Git - pve-firewall.git/blob - pvefw
10 use PVE
::RPCEnvironment
;
12 use PVE
::JSONSchema
qw(get_standard_option);
16 use base
qw(PVE::CLIHandler);
18 $ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
22 die "please run as root\n" if $> != 0;
24 PVE
::INotify
::inotify_init
();
26 my $rpcenv = PVE
::RPCEnvironment-
>init('cli');
28 $rpcenv->init_request();
29 $rpcenv->set_language($ENV{LANG
});
30 $rpcenv->set_user('root@pam');
32 __PACKAGE__-
>register_method({
33 name
=> 'enabletaprules',
34 path
=> 'enabletaprules',
37 additionalProperties
=> 0,
39 vmid
=> get_standard_option
('pve-vmid'),
46 returns
=> { type
=> 'null' },
51 my $vmid = $param->{vmid
};
52 my $netid = $param->{netid
};
54 my $conf = PVE
::QemuServer
::load_config
($vmid);
55 my $net = PVE
::QemuServer
::parse_net
($conf->{$netid});
57 PVE
::Firewall
::generate_tap_rules
($net, $netid, $vmid);
62 __PACKAGE__-
>register_method({
63 name
=> 'disabletaprules',
64 path
=> 'disabletaprules',
67 additionalProperties
=> 0,
69 vmid
=> get_standard_option
('pve-vmid'),
76 returns
=> { type
=> 'null' },
81 my $vmid = $param->{vmid
};
82 my $netid = $param->{netid
};
84 my $conf = PVE
::QemuServer
::load_config
($vmid);
85 my $net = PVE
::QemuServer
::parse_net
($conf->{$netid});
87 PVE
::Firewall
::flush_tap_rules
($net, $netid, $vmid);
92 __PACKAGE__-
>register_method ({
96 description
=> "Compile firewall rules.",
98 additionalProperties
=> 0,
101 returns
=> { type
=> 'null' },
106 PVE
::Firewall
::compile
();
111 __PACKAGE__-
>register_method ({
115 description
=> "Start firewall.",
117 additionalProperties
=> 0,
120 returns
=> { type
=> 'null' },
125 PVE
::Firewall
::compile_and_start
();
130 __PACKAGE__-
>register_method ({
134 description
=> "Restart firewall.",
136 additionalProperties
=> 0,
139 returns
=> { type
=> 'null' },
144 PVE
::Firewall
::compile_and_start
(1);
149 __PACKAGE__-
>register_method ({
153 description
=> "Stop firewall.",
155 additionalProperties
=> 0,
158 returns
=> { type
=> 'null' },
163 PVE
::Tools
::run_command
(['shorewall', 'stop']);
168 __PACKAGE__-
>register_method ({
172 description
=> "Clear will remove all rules installed by this script. The host is then unprotected.",
174 additionalProperties
=> 0,
177 returns
=> { type
=> 'null' },
182 PVE
::Tools
::run_command
(['shorewall', 'clear']);
187 my $nodename = PVE
::INotify
::nodename
();
190 compile
=> [ __PACKAGE__
, 'compile', []],
191 start
=> [ __PACKAGE__
, 'start', []],
192 restart
=> [ __PACKAGE__
, 'restart', []],
193 stop
=> [ __PACKAGE__
, 'stop', []],
194 clear
=> [ __PACKAGE__
, 'clear', []],
195 enabletaprules
=> [ __PACKAGE__
, 'enabletaprules', []],
196 disabletaprules
=> [ __PACKAGE__
, 'disabletaprules', []],
201 PVE
::CLIHandler
::handle_cmd
($cmddef, "pvefw", $cmd, \
@ARGV, undef, $0);