pvefw

   1 #!/usr/bin/perl -w
   2
   3 use strict;
   4 use lib qw(.);
   5 use PVE::Firewall;
   6
   7 use PVE::SafeSyslog;
   8 use PVE::Cluster;
   9 use PVE::INotify;
  10 use PVE::RPCEnvironment;
  11
  12 use PVE::JSONSchema qw(get_standard_option);
  13
  14 use PVE::CLIHandler;
  15
  16 use base qw(PVE::CLIHandler);
  17
  18 $ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
  19
  20 initlog ('pvefw');
  21
  22 die "please run as root\n" if $> != 0;
  23
  24 PVE::INotify::inotify_init();
  25
  26 my $rpcenv = PVE::RPCEnvironment->init('cli');
  27
  28 $rpcenv->init_request();
  29 $rpcenv->set_language($ENV{LANG});
  30 $rpcenv->set_user('root@pam');
  31
  32
  33 __PACKAGE__->register_method ({
  34     name => 'compile',
  35     path => 'compile',
  36     method => 'POST',
  37     description => "Compile firewall rules.",
  38     parameters => {
  39         additionalProperties => 0,
  40         properties => {},
  41     },
  42     returns => { type => 'null' },
  43
  44     code => sub {
  45         my ($param) = @_;
  46
  47         PVE::Firewall::compile();
  48
  49         return undef;
  50     }});
  51
  52 __PACKAGE__->register_method ({
  53     name => 'start',
  54     path => 'start',
  55     method => 'POST',
  56     description => "Start firewall.",
  57     parameters => {
  58         additionalProperties => 0,
  59         properties => {},
  60     },
  61     returns => { type => 'null' },
  62
  63     code => sub {
  64         my ($param) = @_;
  65
  66         PVE::Firewall::compile_and_start();
  67
  68         return undef;
  69     }});
  70
  71 __PACKAGE__->register_method ({
  72     name => 'restart',
  73     path => 'restart',
  74     method => 'POST',
  75     description => "Restart firewall.",
  76     parameters => {
  77         additionalProperties => 0,
  78         properties => {},
  79     },
  80     returns => { type => 'null' },
  81
  82     code => sub {
  83         my ($param) = @_;
  84
  85         PVE::Firewall::compile_and_start(1);
  86
  87         return undef;
  88     }});
  89
  90 __PACKAGE__->register_method ({
  91     name => 'stop',
  92     path => 'stop',
  93     method => 'POST',
  94     description => "Stop firewall.",
  95     parameters => {
  96         additionalProperties => 0,
  97         properties => {},
  98     },
  99     returns => { type => 'null' },
 100
 101     code => sub {
 102         my ($param) = @_;
 103
 104         PVE::Tools::run_command(['shorewall', 'stop']);
 105
 106         return undef;
 107     }});
 108
 109 __PACKAGE__->register_method ({
 110     name => 'clear',
 111     path => 'clear',
 112     method => 'POST',
 113     description => "Clear will remove all rules installed by this script. The host is then unprotected.",
 114     parameters => {
 115         additionalProperties => 0,
 116         properties => {},
 117     },
 118     returns => { type => 'null' },
 119
 120     code => sub {
 121         my ($param) = @_;
 122
 123         PVE::Tools::run_command(['shorewall', 'clear']);
 124
 125         return undef;
 126     }});
 127
 128 my $nodename = PVE::INotify::nodename();
 129
 130 my $cmddef = {
 131     compile => [ __PACKAGE__, 'compile', []],
 132     start => [ __PACKAGE__, 'start', []],
 133     restart => [ __PACKAGE__, 'restart', []],
 134     stop => [ __PACKAGE__, 'stop', []],
 135     clear => [ __PACKAGE__, 'clear', []],
 136 };
 137
 138 my $cmd = shift;
 139
 140 PVE::CLIHandler::handle_cmd($cmddef, "pvefw", $cmd, \@ARGV, undef, $0);
 141
 142 exit(0);
 143