1 package PVE
::API2
::Firewall
::Host
;
5 use PVE
::JSONSchema
qw(get_standard_option);
6 use PVE
::RPCEnvironment
;
9 use PVE
::API2
::Firewall
::Rules
;
11 use Data
::Dumper
; # fixme: remove
13 use base
qw(PVE::RESTHandler);
15 __PACKAGE__-
>register_method ({
16 subclass
=> "PVE::API2::Firewall::HostRules",
20 __PACKAGE__-
>register_method({
24 permissions
=> { user
=> 'all' },
25 description
=> "Directory index.",
27 additionalProperties
=> 0,
29 node
=> get_standard_option
('pve-node'),
38 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
45 { name
=> 'options' },
52 my $option_properties = {
54 description
=> "Enable host firewall rules.",
58 log_level_in
=> get_standard_option
('pve-fw-loglevel', {
59 description
=> "Log level for incoming traffic." }),
60 log_level_out
=> get_standard_option
('pve-fw-loglevel', {
61 description
=> "Log level for outgoing traffic." }),
62 tcp_flags_log_level
=> get_standard_option
('pve-fw-loglevel', {
63 description
=> "Log level for illegal tcp flags filter." }),
64 smurf_log_level
=> get_standard_option
('pve-fw-loglevel', {
65 description
=> "Log level for SMURFS filter." }),
67 description
=> "Enable SMURFS filter.",
72 description
=> "Filter illegal combinations of TCP flags.",
77 description
=> "Maximum number of tracked connections.",
82 nf_conntrack_tcp_timeout_established
=> {
83 description
=> "Conntrack established timeout.",
90 my $add_option_properties = sub {
91 my ($properties) = @_;
93 foreach my $k (keys %$option_properties) {
94 $properties->{$k} = $option_properties->{$k};
101 __PACKAGE__-
>register_method({
102 name
=> 'get_options',
105 description
=> "Get host firewall options.",
108 check
=> ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
111 additionalProperties
=> 0,
113 node
=> get_standard_option
('pve-node'),
118 #additionalProperties => 1,
119 properties
=> $option_properties,
124 my $hostfw_conf = PVE
::Firewall
::load_hostfw_conf
();
126 return PVE
::Firewall
::copy_opject_with_digest
($hostfw_conf->{options
});
129 __PACKAGE__-
>register_method({
130 name
=> 'set_options',
133 description
=> "Set Firewall options.",
137 check
=> ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
140 additionalProperties
=> 0,
141 properties
=> &$add_option_properties({
142 node
=> get_standard_option
('pve-node'),
144 type
=> 'string', format
=> 'pve-configid-list',
145 description
=> "A list of settings you want to delete.",
148 digest
=> get_standard_option
('pve-config-digest'),
151 returns
=> { type
=> "null" },
155 my $hostfw_conf = PVE
::Firewall
::load_hostfw_conf
();
157 my (undef, $digest) = PVE
::Firewall
::copy_opject_with_digest
($hostfw_conf->{options
});
158 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
160 if ($param->{delete}) {
161 foreach my $opt (PVE
::Tools
::split_list
($param->{delete})) {
162 raise_param_exc
({ delete => "no such option '$opt'" })
163 if !$option_properties->{$opt};
164 delete $hostfw_conf->{options
}->{$opt};
168 if (defined($param->{enable
})) {
169 $param->{enable
} = $param->{enable
} ?
1 : 0;
172 foreach my $k (keys %$option_properties) {
173 next if !defined($param->{$k});
174 $hostfw_conf->{options
}->{$k} = $param->{$k};
177 PVE
::Firewall
::save_hostfw_conf
($hostfw_conf);
182 __PACKAGE__-
>register_method({
186 description
=> "Read firewall log",
189 check
=> ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]],
193 additionalProperties
=> 0,
195 node
=> get_standard_option
('pve-node'),
214 description
=> "Line number",
218 description
=> "Line text",
227 my $rpcenv = PVE
::RPCEnvironment
::get
();
228 my $user = $rpcenv->get_user();
229 my $node = $param->{node
};
231 my ($count, $lines) = PVE
::Tools
::dump_logfile
("/var/log/pve-firewall.log", $param->{start
}, $param->{limit
});
233 $rpcenv->set_result_attrib('total', $count);
projects / pve-firewall.git / blob