git.proxmox.com Git - pve-firewall.git/blob - pvefw
10 use PVE
::RPCEnvironment
;
12 use PVE
::JSONSchema
qw(get_standard_option);
16 use base
qw(PVE::CLIHandler);
# Process start-up for the pvefw CLI. This listing is lossy: only some lines
# of the original file survive, and the leading numbers appear to be the
# file's own line numbers.
#
# Pin PATH to the fixed system directories, so a PATH inherited from the
# caller's environment cannot influence which binaries get resolved later.
18 $ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
# $> is the effective UID: refuse to continue unless it is 0 (root).
22 die "please run as root\n" if $> != 0;
24 PVE
::INotify
::inotify_init
();
# Create the RPC environment in 'cli' mode.
26 my $rpcenv = PVE
::RPCEnvironment-
>init('cli');
28 $rpcenv->init_request();
# The language is taken from the caller's LANG environment variable.
29 $rpcenv->set_language($ENV{LANG
});
# The RPC environment's user is set to the fixed identity root@pam, not
# derived from the invoking account; the only gate visible here is the
# effective-UID check above.
30 $rpcenv->set_user('root@pam');
# Registers a CLI method that generates tap firewall rules for a VM's network
# interfaces. The name/path lines are not visible in this listing; presumably
# this is 'enablevmfw' (it calls generate_tap_rules and the command table
# lists that name) -- confirm against the full file.
32 __PACKAGE__-
>register_method({
# Parameters not declared in the schema are not allowed.
37 additionalProperties
=> 0,
# vmid uses the shared 'pve-vmid' standard option definition.
39 vmid
=> get_standard_option
('pve-vmid'),
46 returns
=> { type
=> 'null' },
51 my $vmid = $param->{vmid
};
# NOTE(review): the schema entry for netid is not visible here -- confirm
# its type and format.
52 my $netid = $param->{netid
};
55 my $conf = PVE
::QemuServer
::load_config
($vmid);
# Walk every config key and keep only the netN entries.
57 foreach my $opt (keys %$conf) {
58 next if $opt !~ m/^net(\d+)$/;
59 my $net = PVE
::QemuServer
::parse_net
($conf->{$opt});
# NOTE(review): `!=` compares numerically, but $opt is a string that matched
# /^net(\d+)$/ (e.g. "net0") and numifies to 0. If netid is given in the same
# "netN" form, both sides are 0 and this filter never skips, so rules are
# generated for every NIC of the VM, not only the requested one. If netid is
# a bare non-zero number, every NIC is skipped instead. A string comparison
# (`ne`) looks intended -- confirm against the netid schema.
61 next if $netid && $opt != $netid;
62 PVE
::Firewall
::generate_tap_rules
($net, $opt, $vmid);
# $code is assigned on a line not visible here; it is handed to run_locked,
# which presumably serialises rule changes under a lock -- verify.
66 PVE
::Firewall
::run_locked
($code);
# Registers the 'disablevmfw' CLI method: flushes the tap firewall rules of a
# VM's network interfaces. Several lines of the original are missing from
# this listing.
71 __PACKAGE__-
>register_method({
72 name
=> 'disablevmfw',
73 path
=> 'disablevmfw',
# Parameters not declared in the schema are not allowed.
76 additionalProperties
=> 0,
# vmid uses the shared 'pve-vmid' standard option definition.
78 vmid
=> get_standard_option
('pve-vmid'),
86 returns
=> { type
=> 'null' },
91 my $vmid = $param->{vmid
};
# NOTE(review): the schema entry for netid is not visible here -- confirm
# its type and format.
92 my $netid = $param->{netid
};
96 my $conf = PVE
::QemuServer
::load_config
($vmid);
# Walk every config key and keep only the netN entries.
98 foreach my $opt (keys %$conf) {
99 next if $opt !~ m/^net(\d+)$/;
100 my $net = PVE
::QemuServer
::parse_net
($conf->{$opt});
# NOTE(review): `!=` compares numerically, but $opt is a string such as
# "net0" that numifies to 0. If netid is given in the same "netN" form, the
# filter never skips and the rules of every NIC are flushed, so more
# interfaces lose their firewall rules than the operator asked for. A string
# comparison (`ne`) looks intended -- confirm against the netid schema.
102 next if $netid && $opt != $netid;
103 PVE
::Firewall
::flush_tap_rules
($net, $opt, $vmid);
# $code is assigned on a line not visible here; it is handed to run_locked,
# which presumably serialises rule changes under a lock -- verify.
107 PVE
::Firewall
::run_locked
($code);
# Registers the 'enablegroup' CLI method: enables the rules of one security
# group. Several lines of the original are missing from this listing.
112 __PACKAGE__-
>register_method({
113 name
=> 'enablegroup',
114 path
=> 'enablegroup',
# Parameters not declared in the schema are not allowed.
117 additionalProperties
=> 0,
124 returns
=> { type
=> 'null' },
# NOTE(review): the schema entry for securitygroup is not visible here.
# Confirm it constrains the name (format/length) before the value is handed
# on to PVE::Firewall::enable_group_rules in this root-only tool.
129 my $group = $param->{securitygroup
};
130 PVE
::Firewall
::enable_group_rules
($group);
# $code is assigned on a line not visible here and is passed to run_locked.
133 PVE
::Firewall
::run_locked
($code);
# Registers the 'disablegroup' CLI method: disables the rules of one security
# group. Several lines of the original are missing from this listing.
138 __PACKAGE__-
>register_method({
139 name
=> 'disablegroup',
140 path
=> 'disablegroup',
# Parameters not declared in the schema are not allowed.
143 additionalProperties
=> 0,
151 returns
=> { type
=> 'null' },
# NOTE(review): the schema entry for securitygroup is not visible here.
# Confirm it constrains the name (format/length) before the value is handed
# on to PVE::Firewall::disable_group_rules.
156 my $group = $param->{securitygroup
};
157 PVE
::Firewall
::disable_group_rules
($group);
# $code is assigned on a line not visible here and is passed to run_locked.
160 PVE
::Firewall
::run_locked
($code);
# Registers the 'enablehostfw' CLI method, which calls
# PVE::Firewall::enablehostfw() with no arguments. Several lines of the
# original are missing from this listing.
165 __PACKAGE__-
>register_method({
166 name
=> 'enablehostfw',
167 path
=> 'enablehostfw',
# Parameters not declared in the schema are not allowed.
170 additionalProperties
=> 0,
173 returns
=> { type
=> 'null' },
179 PVE
::Firewall
::enablehostfw
();
# $code is assigned on a line not visible here and is passed to run_locked.
182 PVE
::Firewall
::run_locked
($code);
# Registers the 'disablehostfw' CLI method, which calls
# PVE::Firewall::disablehostfw() with no arguments. Several lines of the
# original are missing from this listing.
187 __PACKAGE__-
>register_method({
188 name
=> 'disablehostfw',
189 path
=> 'disablehostfw',
# Parameters not declared in the schema are not allowed.
192 additionalProperties
=> 0,
195 returns
=> { type
=> 'null' },
201 PVE
::Firewall
::disablehostfw
();
# $code is assigned on a line not visible here and is passed to run_locked.
204 PVE
::Firewall
::run_locked
($code);
# Registers the method described as "Compile firewall rules."; its name/path
# lines are not visible in this listing (presumably 'compile' -- confirm).
# The visible body calls PVE::Firewall::compile().
209 __PACKAGE__-
>register_method ({
213 description
=> "Compile firewall rules.",
# Parameters not declared in the schema are not allowed.
215 additionalProperties
=> 0,
218 returns
=> { type
=> 'null' },
224 PVE
::Firewall
::compile
();
# $code is assigned on a line not visible here and is passed to run_locked.
227 PVE
::Firewall
::run_locked
($code);
# Registers the method that starts (or restarts) the firewall; its name/path
# lines are not visible in this listing (presumably 'start' -- confirm).
# The visible body calls PVE::Firewall::compile_and_start().
232 __PACKAGE__-
>register_method ({
236 description
=> "Start (or restart if already active) firewall.",
# Parameters not declared in the schema are not allowed.
238 additionalProperties
=> 0,
241 returns
=> { type
=> 'null' },
247 PVE
::Firewall
::compile_and_start
();
# $code is assigned on a line not visible here and is passed to run_locked.
250 PVE
::Firewall
::run_locked
($code);
# Registers the method that stops the firewall; its name/path lines are not
# visible in this listing (presumably 'stop' -- confirm). Per its own
# description, stopping removes every rule this script installed and leaves
# the host unprotected. The rule-removal code itself is not visible here;
# only the run_locked call is.
255 __PACKAGE__-
>register_method ({
259 description
=> "Stop firewall. This will remove all rules installed by this script. The host is then unprotected.",
# Parameters not declared in the schema are not allowed.
261 additionalProperties
=> 0,
264 returns
=> { type
=> 'null' },
# $code is assigned on a line not visible here and is passed to run_locked.
273 PVE
::Firewall
::run_locked
($code);
# Command table and dispatch. The line that opens the table (presumably the
# assignment to $cmddef) and the one that sets $cmd are not visible in this
# listing.
278 my $nodename = PVE
::INotify
::nodename
();
# Each entry maps a CLI sub-command name to [class, registered method name,
# list]; the third element is empty for every command (presumably the
# positional-argument list -- verify against PVE::CLIHandler).
281 compile
=> [ __PACKAGE__
, 'compile', []],
282 start
=> [ __PACKAGE__
, 'start', []],
283 restart
=> [ __PACKAGE__
, 'restart', []],
284 stop
=> [ __PACKAGE__
, 'stop', []],
285 enablevmfw
=> [ __PACKAGE__
, 'enablevmfw', []],
286 disablevmfw
=> [ __PACKAGE__
, 'disablevmfw', []],
287 enablehostfw
=> [ __PACKAGE__
, 'enablehostfw', []],
288 disablehostfw
=> [ __PACKAGE__
, 'disablehostfw', []],
289 enablegroup
=> [ __PACKAGE__
, 'enablegroup', []],
290 disablegroup
=> [ __PACKAGE__
, 'disablegroup', []],
# Hand the table, the program name "pvefw", the selected command and the
# remaining command-line arguments (by reference) to the CLI handler.
295 PVE
::CLIHandler
::handle_cmd
($cmddef, "pvefw", $cmd, \
@ARGV, undef, $0);