10 use PVE
::RPCEnvironment
;
12 use PVE
::JSONSchema
qw(get_standard_option);
16 use base
qw(PVE::CLIHandler);
# Start-up for the pvefw command-line tool.
# NOTE(review): the listing's own line numbers jump (18, 22, 24, ...), so
# statements may be missing from this view; comments cover visible lines only.
#
# Replace the inherited PATH with a fixed list of system directories, so that
# any program later started by name is looked up only there and not in
# directories supplied by the invoking environment.
18 $ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
# Abort unless the effective user id ($>) is 0.
22 die "please run as root\n" if $> != 0;
24 PVE
::INotify
::inotify_init
();
# Create the RPC environment with type 'cli' and initialise a request on it.
26 my $rpcenv = PVE
::RPCEnvironment-
>init('cli');
28 $rpcenv->init_request();
# The language is taken from the caller's LANG environment variable.
29 $rpcenv->set_language($ENV{LANG
});
# The RPC user is set to 'root@pam' unconditionally; the only gate visible
# before this point is the effective-uid check above.
30 $rpcenv->set_user('root@pam');
# Register a method on this package; per its description it compiles and
# prints the firewall rules and is meant for testing only.
# NOTE(review): the listing's line numbers jump here, so parts of this
# registration (e.g. its name and the enclosing code block) are not visible.
32 __PACKAGE__-
>register_method ({
# NOTE(review): "amd" in the description below looks like a typo for "and".
36 description
=> "Compile amd print firewall rules. This is only for testing.",
# JSON-schema setting: parameters not declared in the schema are not allowed.
38 additionalProperties
=> 0,
41 description
=> "Verbose output.",
48 returns
=> { type
=> 'null' },
# Compile the ruleset; when the verbose parameter is true, additionally call
# get_ruleset_status on it with a second argument of 1 (presumably this is
# what prints the rules; its body is not shown here).
54 my $ruleset = PVE
::Firewall
::compile
();
55 PVE
::Firewall
::get_ruleset_status
($ruleset, 1) if $param->{verbose
};
# Hand $code (defined on a line not visible here) to run_locked; presumably
# this serialises it against other firewall updates; confirm in PVE::Firewall.
58 PVE
::Firewall
::run_locked
($code);
# Register a method on this package; per its description it starts the
# firewall, or restarts it if it is already active.
# NOTE(review): the listing's line numbers jump here, so parts of this
# registration (e.g. its name and the enclosing code block) are not visible.
63 __PACKAGE__-
>register_method ({
67 description
=> "Start (or restart if already active) firewall.",
# JSON-schema setting: parameters not declared in the schema are not allowed.
69 additionalProperties
=> 0,
72 description
=> "Verbose output.",
79 returns
=> { type
=> 'null' },
# Compile and apply the rules in one call, passing the verbose flag through.
85 PVE
::Firewall
::compile_and_start
($param->{verbose
});
# Hand $code (defined on a line not visible here) to run_locked; presumably
# this serialises it against other firewall updates; confirm in PVE::Firewall.
88 PVE
::Firewall
::run_locked
($code);
# Register a method on this package; per its description it stops the firewall
# by removing every rule this script installed, leaving the host unprotected.
# NOTE(review): the listing's line numbers jump here, so parts of this
# registration (its name, the enclosing code block, closing braces of the
# if/foreach bodies) are not visible.
93 __PACKAGE__-
>register_method ({
97 description
=> "Stop firewall. This will remove all rules installed by this script. The host is then unprotected.",
# JSON-schema setting: parameters not declared in the schema are not allowed.
99 additionalProperties
=> 0,
102 returns
=> { type
=> 'null' },
# Every key of this hash is flushed and deleted below.
# NOTE(review): presumably iptables_get_chains returns only the chains owned
# by this firewall; confirm in PVE::Firewall, because the chain names are
# interpolated unescaped into the command list.
108 my $chash = PVE
::Firewall
::iptables_get_chains
();
# Build the command list as text: a "*filter" table header, the rule and
# chain operations, then "COMMIT".
109 my $cmdlist = "*filter\n";
# Remove the jump from the built-in INPUT chain into proxmoxfw-INPUT, but
# only when that rule is currently present.
110 my $rule = "INPUT -j proxmoxfw-INPUT";
111 if (PVE
::Firewall
::iptables_rule_exist
($rule)) {
112 $cmdlist .= "-D $rule\n";
# Same for the OUTPUT jump.
114 $rule = "OUTPUT -j proxmoxfw-OUTPUT";
115 if (PVE
::Firewall
::iptables_rule_exist
($rule)) {
116 $cmdlist .= "-D $rule\n";
# Same for the FORWARD jump.
119 $rule = "FORWARD -j proxmoxfw-FORWARD";
120 if (PVE
::Firewall
::iptables_rule_exist
($rule)) {
121 $cmdlist .= "-D $rule\n";
# Two passes on purpose: flush (-F) every chain first, then delete (-X) them.
# iptables refuses to delete a chain that still holds rules or is still
# referenced from another chain.
124 foreach my $chain (keys %$chash) {
125 $cmdlist .= "-F $chain\n";
127 foreach my $chain (keys %$chash) {
128 $cmdlist .= "-X $chain\n";
130 $cmdlist .= "COMMIT\n";
# The complete list is handed over in a single call (presumably fed to
# iptables-restore; the helper's body is not shown here).
132 PVE
::Firewall
::iptables_restore_cmdlist
($cmdlist);
# Hand $code (defined on a line not visible here) to run_locked; presumably
# this serialises it against other firewall updates; confirm in PVE::Firewall.
135 PVE
::Firewall
::run_locked
($code);
# Local node name; it is not referenced in any line visible in this listing.
140 my $nodename = PVE
::INotify
::nodename
();
# Command table entries: each sub-command name maps to this package, the name
# of a registered method, and an empty list (presumably the positional
# argument names; confirm in PVE::CLIHandler). The line that opens the table
# is not visible here.
143 compile
=> [ __PACKAGE__
, 'compile', []],
144 start
=> [ __PACKAGE__
, 'start', []],
145 stop
=> [ __PACKAGE__
, 'stop', []],
# Dispatch: pass the command table, the program name "pvefw", the requested
# command and a reference to the remaining @ARGV to the CLI handler.
# $cmddef and $cmd are assigned on lines not visible in this listing.
150 PVE
::CLIHandler
::handle_cmd
($cmddef, "pvefw", $cmd, \
@ARGV, undef, $0);