10 use PVE
::RPCEnvironment
;
12 use PVE
::JSONSchema
qw(get_standard_option);
16 use base
qw(PVE::CLIHandler);
# Pin the search path to the system directories, so that external programs
# this script starts by bare name (e.g. 'shorewall') are not resolved through
# a PATH inherited from the caller.
# NOTE(review): only PATH is reset here; other inherited variables are left
# as they are - confirm that is sufficient for everything run_command starts.
$ENV{PATH} = '/sbin:/bin:/usr/sbin:/usr/bin';

# $> is the effective UID; the tool refuses to run unless that is root (0).
$> == 0 or die "please run as root\n";

PVE::INotify::inotify_init();

# Build a CLI RPC environment; every request made by this tool is attributed
# to the fixed user 'root@pam'.
my $rpcenv = PVE::RPCEnvironment->init('cli');
$rpcenv->init_request();
$rpcenv->set_language($ENV{LANG});
$rpcenv->set_user('root@pam');
32 __PACKAGE__-
>register_method({
37 additionalProperties
=> 0,
39 vmid
=> get_standard_option
('pve-vmid'),
46 returns
=> { type
=> 'null' },
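# Handler body: generate the tap firewall rules for the network devices of
# one VM.
#   $param->{vmid}  - VM whose configuration is loaded.
#   $param->{netid} - optional; when set, only the matching config key is
#                     processed. Assumed to be a key such as "net0" - confirm
#                     against the parameter schema, which is not visible here.
my $vmid  = $param->{vmid};
my $netid = $param->{netid};

my $conf = PVE::QemuServer::load_config($vmid);

foreach my $opt (keys %$conf) {
    # Only the netN entries of the VM config describe network devices.
    next if $opt !~ m/^net(\d+)$/;
    my $net = PVE::QemuServer::parse_net($conf->{$opt});

    # Config keys are strings ("net0", "net1", ...), so the filter has to use
    # the string operator. A numeric comparison evaluates "netN" as 0 on the
    # left-hand side, so the filter cannot select the requested interface.
    next if $netid && $opt ne $netid;
    PVE::Firewall::generate_tap_rules($net, $opt, $vmid);
}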
67 __PACKAGE__-
>register_method({
68 name
=> 'disablevmfw',
69 path
=> 'disablevmfw',
72 additionalProperties
=> 0,
74 vmid
=> get_standard_option
('pve-vmid'),
82 returns
=> { type
=> 'null' },
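# Handler body: flush the tap firewall rules for the network devices of one
# VM.
#   $param->{vmid}  - VM whose configuration is loaded.
#   $param->{netid} - optional; when set, only the matching config key is
#                     processed. Assumed to be a key such as "net0" - confirm
#                     against the parameter schema, which is not visible here.
my $vmid  = $param->{vmid};
my $netid = $param->{netid};

my $conf = PVE::QemuServer::load_config($vmid);

foreach my $opt (keys %$conf) {
    # Only the netN entries of the VM config describe network devices.
    next if $opt !~ m/^net(\d+)$/;
    my $net = PVE::QemuServer::parse_net($conf->{$opt});

    # Config keys are strings ("net0", "net1", ...), so the filter has to use
    # the string operator. A numeric comparison evaluates "netN" as 0 on the
    # left-hand side, so a request to flush one interface would not be
    # limited to that interface.
    next if $netid && $opt ne $netid;
    PVE::Firewall::flush_tap_rules($net, $opt, $vmid);
}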
103 __PACKAGE__-
>register_method({
104 name
=> 'enablehostfw',
105 path
=> 'enablehostfw',
108 additionalProperties
=> 0,
111 returns
=> { type
=> 'null' },
116 PVE
::Firewall
::enablehostfw
();
121 __PACKAGE__-
>register_method({
122 name
=> 'disablehostfw',
123 path
=> 'disablehostfw',
126 additionalProperties
=> 0,
129 returns
=> { type
=> 'null' },
134 PVE
::Firewall
::disablehostfw
();
139 __PACKAGE__-
>register_method ({
143 description
=> "Compile firewall rules.",
145 additionalProperties
=> 0,
148 returns
=> { type
=> 'null' },
153 PVE
::Firewall
::compile
();
158 __PACKAGE__-
>register_method ({
162 description
=> "Start firewall.",
164 additionalProperties
=> 0,
167 returns
=> { type
=> 'null' },
172 PVE
::Firewall
::compile_and_start
();
177 __PACKAGE__-
>register_method ({
181 description
=> "Restart firewall.",
183 additionalProperties
=> 0,
186 returns
=> { type
=> 'null' },
191 PVE
::Firewall
::compile_and_start
(1);
196 __PACKAGE__-
>register_method ({
200 description
=> "Stop firewall.",
202 additionalProperties
=> 0,
205 returns
=> { type
=> 'null' },
# Stop the firewall through the shorewall command-line tool. The command is
# handed over as a list of words, not as one string, and the binary is looked
# up through the PATH that this script pins at start-up.
# NOTE(review): presumably run_command runs an array ref without a shell -
# confirm against PVE::Tools.
PVE::Tools::run_command([qw(shorewall stop)]);
215 __PACKAGE__-
>register_method ({
219 description
=> "Clear will remove all rules installed by this script. The host is then unprotected.",
221 additionalProperties
=> 0,
224 returns
=> { type
=> 'null' },
# Remove every rule installed by this script. As the method description
# states, the host is unprotected afterwards. The command is handed over as a
# list of words, and the binary is looked up through the PATH that this
# script pins at start-up.
# NOTE(review): presumably run_command runs an array ref without a shell -
# confirm against PVE::Tools.
PVE::Tools::run_command([qw(shorewall clear)]);
234 my $nodename = PVE
::INotify
::nodename
();
237 compile
=> [ __PACKAGE__
, 'compile', []],
238 start
=> [ __PACKAGE__
, 'start', []],
239 restart
=> [ __PACKAGE__
, 'restart', []],
240 stop
=> [ __PACKAGE__
, 'stop', []],
241 clear
=> [ __PACKAGE__
, 'clear', []],
242 enablevmfw
=> [ __PACKAGE__
, 'enablevmfw', []],
243 disablevmfw
=> [ __PACKAGE__
, 'disablevmfw', []],
244 enablehostfw
=> [ __PACKAGE__
, 'enablehostfw', []],
245 disablehostfw
=> [ __PACKAGE__
, 'disablehostfw', []],
250 PVE
::CLIHandler
::handle_cmd
($cmddef, "pvefw", $cmd, \
@ARGV, undef, $0);