1 package PVE
::API2
::Firewall
::Host
;
5 use PVE
::JSONSchema
qw(get_standard_option);
6 use PVE
::RPCEnvironment
;
9 use PVE
::API2
::Firewall
::Rules
;
11 use Data
::Dumper
; # fixme: remove
13 use base
qw(PVE::RESTHandler);
15 __PACKAGE__-
>register_method ({
16 subclass
=> "PVE::API2::Firewall::HostRules",
20 __PACKAGE__-
>register_method({
24 permissions
=> { user
=> 'all' },
25 description
=> "Directory index.",
27 additionalProperties
=> 0,
29 node
=> get_standard_option
('pve-node'),
38 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
45 { name
=> 'options' },
52 my $option_properties = {
54 description
=> "Enable host firewall rules.",
58 log_level_in
=> get_standard_option
('pve-fw-loglevel', {
59 description
=> "Log level for incoming traffic." }),
60 log_level_out
=> get_standard_option
('pve-fw-loglevel', {
61 description
=> "Log level for outgoing traffic." }),
62 tcp_flags_log_level
=> get_standard_option
('pve-fw-loglevel', {
63 description
=> "Log level for illegal tcp flags filter." }),
64 smurf_log_level
=> get_standard_option
('pve-fw-loglevel', {
65 description
=> "Log level for SMURFS filter." }),
67 description
=> "Enable SMURFS filter.",
72 description
=> "Filter illegal combinations of TCP flags.",
77 description
=> "Maximum number of tracked connections.",
82 nf_conntrack_tcp_timeout_established
=> {
83 description
=> "Conntrack established timeout.",
90 my $add_option_properties = sub {
91 my ($properties) = @_;
93 foreach my $k (keys %$option_properties) {
94 $properties->{$k} = $option_properties->{$k};
101 __PACKAGE__-
>register_method({
102 name
=> 'get_options',
105 description
=> "Get host firewall options.",
108 additionalProperties
=> 0,
110 node
=> get_standard_option
('pve-node'),
115 #additionalProperties => 1,
116 properties
=> $option_properties,
121 my $hostfw_conf = PVE
::Firewall
::load_hostfw_conf
();
123 return PVE
::Firewall
::copy_opject_with_digest
($hostfw_conf->{options
});
126 __PACKAGE__-
>register_method({
127 name
=> 'set_options',
130 description
=> "Set Firewall options.",
134 additionalProperties
=> 0,
135 properties
=> &$add_option_properties({
136 node
=> get_standard_option
('pve-node'),
138 type
=> 'string', format
=> 'pve-configid-list',
139 description
=> "A list of settings you want to delete.",
142 digest
=> get_standard_option
('pve-config-digest'),
145 returns
=> { type
=> "null" },
149 my $hostfw_conf = PVE
::Firewall
::load_hostfw_conf
();
151 my (undef, $digest) = PVE
::Firewall
::copy_opject_with_digest
($hostfw_conf->{options
});
152 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
154 if ($param->{delete}) {
155 foreach my $opt (PVE
::Tools
::split_list
($param->{delete})) {
156 raise_param_exc
({ delete => "no such option '$opt'" })
157 if !$option_properties->{$opt};
158 delete $hostfw_conf->{options
}->{$opt};
162 if (defined($param->{enable
})) {
163 $param->{enable
} = $param->{enable
} ?
1 : 0;
166 foreach my $k (keys %$option_properties) {
167 next if !defined($param->{$k});
168 $hostfw_conf->{options
}->{$k} = $param->{$k};
171 PVE
::Firewall
::save_hostfw_conf
($hostfw_conf);
176 __PACKAGE__-
>register_method({
180 description
=> "Read firewall log",
183 check
=> ['perm', '/nodes/{node}', [ 'Sys.Syslog' ]],
187 additionalProperties
=> 0,
189 node
=> get_standard_option
('pve-node'),
208 description
=> "Line number",
212 description
=> "Line text",
221 my $rpcenv = PVE
::RPCEnvironment
::get
();
222 my $user = $rpcenv->get_user();
223 my $node = $param->{node
};
225 my ($count, $lines) = PVE
::Tools
::dump_logfile
("/var/log/pve-firewall.log", $param->{start
}, $param->{limit
});
227 $rpcenv->set_result_attrib('total', $count);