]>
git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/Cluster.pm
1 package PVE
::API2
::Firewall
::Cluster
;
5 use PVE
::Exception
qw(raise raise_param_exc raise_perm_exc);
6 use PVE
::JSONSchema
qw(get_standard_option);
9 use PVE
::API2
::Firewall
::Rules
;
10 use PVE
::API2
::Firewall
::Groups
;
11 use PVE
::API2
::Firewall
::IPSet
;
15 use Data
::Dumper
; # fixme: remove
17 use base
qw(PVE::RESTHandler);
19 __PACKAGE__-
>register_method ({
20 subclass
=> "PVE::API2::Firewall::Groups",
24 __PACKAGE__-
>register_method ({
25 subclass
=> "PVE::API2::Firewall::ClusterRules",
29 __PACKAGE__-
>register_method({
33 permissions
=> { user
=> 'all' },
34 description
=> "Directory index.",
36 additionalProperties
=> 0,
44 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
51 { name
=> 'options' },
60 __PACKAGE__-
>register_method({
61 name
=> 'get_options',
64 description
=> "Get Firewall options.",
66 additionalProperties
=> 0,
70 #additionalProperties => 1,
81 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
83 my $options = $cluster_conf->{options
};
88 my $option_properties = {
95 my $add_option_properties = sub {
96 my ($properties) = @_;
98 foreach my $k (keys %$option_properties) {
99 $properties->{$k} = $option_properties->{$k};
105 __PACKAGE__-
>register_method({
106 name
=> 'set_options',
109 description
=> "Set Firewall options.",
112 additionalProperties
=> 0,
113 properties
=> &$add_option_properties({
115 type
=> 'string', format
=> 'pve-configid-list',
116 description
=> "A list of settings you want to delete.",
121 returns
=> { type
=> "null" },
125 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
127 if ($param->{delete}) {
128 foreach my $opt (PVE
::Tools
::split_list
($param->{delete})) {
129 raise_param_exc
({ delete => "no such option '$opt'" })
130 if !$option_properties->{$opt};
131 delete $cluster_conf->{options
}->{$opt};
135 if (defined($param->{enable
})) {
136 $cluster_conf->{options
}->{enable
} = $param->{enable
} ?
1 : 0;
139 PVE
::Firewall
::save_clusterfw_conf
($cluster_conf);
144 __PACKAGE__-
>register_method({
145 name
=> 'get_macros',
148 description
=> "List available macros",
150 additionalProperties
=> 0,
158 description
=> "Macro name.",
162 description
=> "More verbose description (if available).",
173 my ($macros, $descr) = PVE
::Firewall
::get_macros
();
175 foreach my $macro (keys %$macros) {
176 push @$res, { macro => $macro, descr
=> $descr->{$macro} || $macro };
182 __PACKAGE__-
>register_method({
186 description
=> "List IPSets",
188 additionalProperties
=> 0,
196 description
=> "IPSet name.",
201 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
206 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
209 foreach my $name (keys %{$cluster_conf->{ipset
}}) {
210 push @$res, { name
=> $name, count
=> scalar(@{$cluster_conf->{ipset
}->{$name}}) };
216 __PACKAGE__-
>register_method ({
217 subclass
=> "PVE::API2::Firewall::ClusterIPset",
218 path
=> 'ipset/{name}',
219 # set fragment delimiter (no subdirs) - we need that, because CIDR address contain a slash '/'
220 fragmentDelimiter
=> '',