1 package PVE
::API2
::Firewall
::Host
;
5 use PVE
::JSONSchema
qw(get_standard_option);
6 use PVE
::RPCEnvironment
;
9 use PVE
::API2
::Firewall
::Rules
;
11 use Data
::Dumper
; # fixme: remove
13 use base
qw(PVE::RESTHandler);
15 __PACKAGE__-
>register_method ({
16 subclass
=> "PVE::API2::Firewall::HostRules",
20 __PACKAGE__-
>register_method({
24 permissions
=> { user
=> 'all' },
25 description
=> "Directory index.",
27 additionalProperties
=> 0,
29 node
=> get_standard_option
('pve-node'),
38 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
45 { name
=> 'options' },
52 my $option_properties = {
54 description
=> "Enable host firewall rules.",
58 log_level_in
=> get_standard_option
('pve-fw-loglevel', {
59 description
=> "Log level for incoming traffic." }),
60 log_level_out
=> get_standard_option
('pve-fw-loglevel', {
61 description
=> "Log level for outgoing traffic." }),
62 tcp_flags_log_level
=> get_standard_option
('pve-fw-loglevel', {
63 description
=> "Log level for illegal tcp flags filter." }),
64 smurf_log_level
=> get_standard_option
('pve-fw-loglevel', {
65 description
=> "Log level for SMURFS filter." }),
67 description
=> "Enable SMURFS filter.",
72 description
=> "Filter illegal combinations of TCP flags.",
77 description
=> "Maximum number of tracked connections.",
82 nf_conntrack_tcp_timeout_established
=> {
83 description
=> "Conntrack established timeout.",
89 description
=> "Enable NDP.",
95 my $add_option_properties = sub {
96 my ($properties) = @_;
98 foreach my $k (keys %$option_properties) {
99 $properties->{$k} = $option_properties->{$k};
106 __PACKAGE__-
>register_method({
107 name
=> 'get_options',
110 description
=> "Get host firewall options.",
113 check
=> ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
116 additionalProperties
=> 0,
118 node
=> get_standard_option
('pve-node'),
123 #additionalProperties => 1,
124 properties
=> $option_properties,
129 my $hostfw_conf = PVE
::Firewall
::load_hostfw_conf
();
131 return PVE
::Firewall
::copy_opject_with_digest
($hostfw_conf->{options
});
134 __PACKAGE__-
>register_method({
135 name
=> 'set_options',
138 description
=> "Set Firewall options.",
142 check
=> ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
145 additionalProperties
=> 0,
146 properties
=> &$add_option_properties({
147 node
=> get_standard_option
('pve-node'),
149 type
=> 'string', format
=> 'pve-configid-list',
150 description
=> "A list of settings you want to delete.",
153 digest
=> get_standard_option
('pve-config-digest'),
156 returns
=> { type
=> "null" },
160 my $hostfw_conf = PVE
::Firewall
::load_hostfw_conf
();
162 my (undef, $digest) = PVE
::Firewall
::copy_opject_with_digest
($hostfw_conf->{options
});
163 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
165 if ($param->{delete}) {
166 foreach my $opt (PVE
::Tools
::split_list
($param->{delete})) {
167 raise_param_exc
({ delete => "no such option '$opt'" })
168 if !$option_properties->{$opt};
169 delete $hostfw_conf->{options
}->{$opt};
173 if (defined($param->{enable
})) {
174 $param->{enable
} = $param->{enable
} ?
1 : 0;
177 foreach my $k (keys %$option_properties) {
178 next if !defined($param->{$k});
179 $hostfw_conf->{options
}->{$k} = $param->{$k};
182 PVE
::Firewall
::save_hostfw_conf
($hostfw_conf);
187 __PACKAGE__-
>register_method({
191 description
=> "Read firewall log",
194 check
=> ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]],
198 additionalProperties
=> 0,
200 node
=> get_standard_option
('pve-node'),
219 description
=> "Line number",
223 description
=> "Line text",
232 my $rpcenv = PVE
::RPCEnvironment
::get
();
233 my $user = $rpcenv->get_user();
234 my $node = $param->{node
};
236 my ($count, $lines) = PVE
::Tools
::dump_logfile
("/var/log/pve-firewall.log", $param->{start
}, $param->{limit
});
238 $rpcenv->set_result_attrib('total', $count);