1 package PVE
::API2
::Firewall
::IPSetBase
;
5 use PVE
::Exception
qw(raise raise_param_exc);
6 use PVE
::JSONSchema
qw(get_standard_option);
10 use base
qw(PVE::RESTHandler);
# JSON-schema property fragments shared by every IPSet handler in this
# file; each register_*_ip sub copies the entries it accepts into its own
# 'properties' hash.  Only part of the table is visible in this listing
# (the 'cidr' key is referenced below as $api_properties->{cidr}).
12 my $api_properties = {
# The 'format' constraint is the only address validation the handlers
# rely on: afterwards they compare addresses as plain strings.
# NOTE(review): presumably enforced by PVE::RESTHandler before the
# handler's 'code' runs — confirm.
14 description
=> "Network/IP specification in CIDR format.",
15 type
=> 'string', format
=> 'IPv4orCIDR',
17 name
=> get_standard_option
('ipset-name'),
# Abstract hook (only the body is visible here): a concrete subclass
# returns ($fw_conf, $ipset) for the set named by $param->{name}, as the
# cluster implementation further down does.
29 my ($class, $param) = @_;
31 die "implement this in subclass";
33 #return ($fw_conf, $rules);
# Abstract hook (only the body is visible here): persist the set under
# $param->{name} into $fw_conf and write the config back.  The third
# argument is called $rules here but $ipset in the concrete implementation.
37 my ($class, $param, $fw_conf, $rules) = @_;
39 die "implement this in subclass";
# Extra request properties registered per subclass, keyed by package
# name (see additional_parameters below).
42 my $additional_param_hash = {};
# Per-subclass registry of extra request properties.  Called with a value
# it records that hash for $class; called without one it hands back a
# shallow copy so the caller can add its own keys without mutating the
# registered original.
44 sub additional_parameters
{
45 my ($class, $new_value) = @_;
47 if (defined($new_value)) {
48 $additional_param_hash->{$class} = $new_value;
# Shallow copy only: nested property definitions are still shared with
# the registered hash.  ($copy is declared on a line not shown here.)
53 my $org = $additional_param_hash->{$class} || {};
54 foreach my $p (keys %$org) { $copy->{$p} = $org->{$p}; }
# Registers the GET handler that lists the members of one IPSet.  Only
# 'name' (plus any subclass extras) is accepted; the method name/path and
# 'returns' schema lines are not visible in this listing.
58 sub register_get_ipset
{
61 my $properties = $class->additional_parameters();
63 $properties->{name
} = $api_properties->{name
};
65 $class->register_method({
69 description
=> "List IPSet content",
# additionalProperties => 0: unknown request keys fail schema validation
# instead of being silently dropped.
71 additionalProperties
=> 0,
72 properties
=> $properties,
92 links
=> [ { rel
=> 'child', href
=> "{cidr}" } ],
# Handler body: the subclass loads the set; per the link above each
# member is addressable under its {cidr}.
97 my ($fw_conf, $ipset) = $class->load_config($param);
# Registers the POST handler that adds one address/network to an IPSet.
# Accepts name, cidr, nomatch and comment (plus subclass extras); the
# method name/path and parameters wrapper lines are not shown here.
103 sub register_create_ip
{
106 my $properties = $class->additional_parameters();
108 $properties->{name
} = $api_properties->{name
};
109 $properties->{cidr
} = $api_properties->{cidr
};
110 $properties->{nomatch
} = $api_properties->{nomatch
};
111 $properties->{comment
} = $api_properties->{comment
};
113 $class->register_method({
117 description
=> "Add IP or Network to IPSet.",
# additionalProperties => 0: unknown request keys fail schema validation
# instead of being silently dropped.
120 additionalProperties
=> 0,
121 properties
=> $properties,
123 returns
=> { type
=> "null" },
127 my ($fw_conf, $ipset) = $class->load_config($param);
129 my $cidr = $param->{cidr
};
# The duplicate check is an exact string compare on the stored cidr, so
# two spellings of the same network (constructed example: '10.0.0.1' and
# '10.0.0.1/32') are both accepted; no normalization happens here.
131 foreach my $entry (@$ipset) {
132 raise_param_exc
({ cidr
=> "address '$cidr' already exists" })
133 if $entry->{cidr
} eq $cidr;
# nomatch is stored only when true and comment only when truthy (a
# comment of '0' is dropped), so the saved entry carries no undef keys;
# update_ip, by contrast, assigns both unconditionally.
136 my $data = { cidr
=> $cidr };
137 $data->{nomatch
} = 1 if $param->{nomatch
};
138 $data->{comment
} = $param->{comment
} if $param->{comment
};
# unshift, not push: the new entry becomes the first member of the set.
140 unshift @$ipset, $data;
# NOTE(review): no lock is visible around this load/modify/save
# sequence — confirm the API layer serializes concurrent writers,
# otherwise two adds can race and one of them is lost.
142 $class->save_ipset($param, $fw_conf, $ipset);
# Registers the GET handler that returns one member of an IPSet by its
# exact cidr string; the method name/path and parameters wrapper lines
# are not shown here.
148 sub register_read_ip
{
151 my $properties = $class->additional_parameters();
153 $properties->{name
} = $api_properties->{name
};
154 $properties->{cidr
} = $api_properties->{cidr
};
156 $class->register_method({
160 description
=> "Read IP or Network settings from IPSet.",
163 additionalProperties
=> 0,
164 properties
=> $properties,
166 returns
=> { type
=> "object" },
# First exact (string) match wins; an absent address is reported as a
# parameter error on 'cidr' rather than as an empty result.
170 my ($fw_conf, $ipset) = $class->load_config($param);
172 foreach my $entry (@$ipset) {
173 return $entry if $entry->{cidr
} eq $param->{cidr
};
176 raise_param_exc
({ cidr
=> "no such IP/Network" });
# Registers the PUT handler that overwrites nomatch/comment of one member
# of an IPSet; the method name/path and parameters wrapper lines are not
# shown here.
180 sub register_update_ip
{
183 my $properties = $class->additional_parameters();
185 $properties->{name
} = $api_properties->{name
};
186 $properties->{cidr
} = $api_properties->{cidr
};
187 $properties->{nomatch
} = $api_properties->{nomatch
};
188 $properties->{comment
} = $api_properties->{comment
};
190 $class->register_method({
194 description
=> "Update IP or Network settings",
197 additionalProperties
=> 0,
198 properties
=> $properties,
200 returns
=> { type
=> "null" },
204 my ($fw_conf, $ipset) = $class->load_config($param);
# Edits the first exact (string) match in place.  Both fields are
# assigned unconditionally, so omitting nomatch or comment clears it
# (create_ip stores nomatch only when true).
206 foreach my $entry (@$ipset) {
207 if($entry->{cidr
} eq $param->{cidr
}) {
208 $entry->{nomatch
} = $param->{nomatch
};
209 $entry->{comment
} = $param->{comment
};
# NOTE(review): the lines after save_ipset are not shown; the loop must
# return here, otherwise the raise_param_exc below fires after a
# successful save.
210 $class->save_ipset($param, $fw_conf, $ipset);
215 raise_param_exc
({ cidr
=> "no such IP/Network" });
# Registers the DELETE handler that removes a member by exact cidr
# string; the method name/path and parameters wrapper lines are not shown
# here.
219 sub register_delete_ip
{
222 my $properties = $class->additional_parameters();
224 $properties->{name
} = $api_properties->{name
};
225 $properties->{cidr
} = $api_properties->{cidr
};
227 $class->register_method({
231 description
=> "Remove IP or Network from IPSet.",
234 additionalProperties
=> 0,
235 properties
=> $properties,
237 returns
=> { type
=> "null" },
241 my ($fw_conf, $ipset) = $class->load_config($param);
# Rebuilds the list without every entry whose cidr equals the parameter
# ($new is declared on a line not shown) and persists the fresh arrayref,
# which is why save_ipset reassigns the set instead of editing in place.
# No not-found error is visible in this fragment, so removing an address
# that is absent appears to succeed silently — unlike read/update above.
245 foreach my $entry (@$ipset) {
246 push @$new, $entry if $entry->{cidr
} ne $param->{cidr
};
249 $class->save_ipset($param, $fw_conf, $new);
# Registers the five per-IPSet handlers on the calling subclass; each
# concrete package invokes this once at load time via
# __PACKAGE__->register_handlers().
255 sub register_handlers
{
258 $class->register_get_ipset();
259 $class->register_create_ip();
260 $class->register_read_ip();
261 $class->register_update_ip();
262 $class->register_delete_ip();
265 package PVE
::API2
::Firewall
::ClusterIPset
;
270 use base
qw(PVE::API2::Firewall::IPSetBase);
# Cluster-level load_config (sub header not shown): returns the whole
# cluster firewall config together with the requested set.  $ipset is a
# reference into $fw_conf, so handlers that modify it in place change
# the loaded config before save_ipset writes it back.
273 my ($class, $param) = @_;
275 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
276 my $ipset = $fw_conf->{ipset
}->{$param->{name
}};
# Unknown set names are a plain die here (the trailing "\n" suppresses
# the file/line suffix), not a raise_param_exc as in the handlers above.
277 die "no such IPSet '$param->{name}'\n" if !defined($ipset);
279 return ($fw_conf, $ipset);
# Cluster-level save_ipset (sub header not shown): (re)attach the set
# under its name — delete_ip passes a freshly built list — and write the
# complete cluster config.
283 my ($class, $param, $fw_conf, $ipset) = @_;
285 $fw_conf->{ipset
}->{$param->{name
}} = $ipset;
286 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
# Install the per-IPSet handlers for this concrete package at load time.
289 __PACKAGE__-
>register_handlers();
291 package PVE
::API2
::Firewall
::BaseIPSetList
;
295 use PVE
::JSONSchema
qw(get_standard_option);
296 use PVE
::Exception
qw(raise_param_exc);
299 use base
qw(PVE::RESTHandler);
# Index handler for the IPSet collection (the sub header and the $res
# declaration are not shown): one entry per configured set with its
# member count, linked to the per-set handlers via {name}.  Note the
# list-level load_config takes no arguments, unlike the per-set one.
304 $class->register_method({
305 name
=> 'ipset_index',
308 description
=> "List IPSets",
310 additionalProperties
=> 0,
317 name
=> get_standard_option
('ipset-name'),
320 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
325 my $fw_conf = $class->load_config();
# 'count' is the member count only, not the members; hash key order is
# unspecified, so the result is not sorted here.
328 foreach my $name (keys %{$fw_conf->{ipset
}}) {
329 push @$res, { name
=> $name, count
=> scalar(@{$fw_conf->{ipset
}->{$name}}) };
# Registers the POST handler that creates an IPSet, or renames an
# existing one when 'rename' is given.  The parameters wrapper lines are
# not shown here.
336 sub register_create
{
339 $class->register_method({
340 name
=> 'create_ipset',
343 description
=> "Create new IPSet",
346 additionalProperties
=> 0,
348 name
=> get_standard_option
('ipset-name'),
349 rename => get_standard_option
('ipset-name', {
350 description
=> "Rename an existing IPSet.",
355 returns
=> { type
=> 'null' },
359 my $fw_conf = $class->load_config();
# The target name must be free; this runs before the rename branch, so
# a rename can never clobber another set.
361 foreach my $name (keys %{$fw_conf->{ipset
}}) {
362 raise_param_exc
({ name
=> "IPSet '$name' already exists" })
363 if $name eq $param->{name
};
# Truthiness tests on both the parameter and the config entry: an empty
# set is an (empty) arrayref and therefore still true, so renaming an
# empty set works.
# NOTE(review): a set literally named '0' would be skipped here — fine
# as long as the ipset-name format forbids that; confirm.
# The message text "does not exists" is a typo, left as-is because
# clients may match on it.
366 if ($param->{rename}) {
367 raise_param_exc
({ name
=> "IPSet '$param->{rename}' does not exists" })
368 if !$fw_conf->{ipset
}->{$param->{rename}};
# Move the member list itself from the old key to the new one.
369 my $data = delete $fw_conf->{ipset
}->{$param->{rename}};
370 $fw_conf->{ipset
}->{$param->{name
}} = $data;
# Presumably the else branch (its brace is not shown): a brand-new set
# starts empty.
372 $fw_conf->{ipset
}->{$param->{name
}} = [];
# NOTE(review): no lock is visible around load/modify/save — confirm the
# API layer serializes concurrent writers.
375 $class->save_config($fw_conf);
# Registers the DELETE handler for a whole IPSet.  The parameters wrapper
# lines are not shown here.
381 sub register_delete
{
384 $class->register_method({
385 name
=> 'delete_ipset',
388 description
=> "Delete IPSet",
391 additionalProperties
=> 0,
393 name
=> get_standard_option
('ipset-name'),
396 returns
=> { type
=> 'null' },
400 my $fw_conf = $class->load_config();
# Idempotent for unknown names: succeed (return undef) without touching
# the config.
402 return undef if !$fw_conf->{ipset
}->{$param->{name
}};
# Refuses to drop a set that still has members (plain die, not a
# parameter exception), so callers have to empty it via delete_ip first.
404 die "IPSet '$param->{name}' is not empty\n"
405 if scalar(@{$fw_conf->{ipset
}->{$param->{name
}}});
407 delete $fw_conf->{ipset
}->{$param->{name
}};
409 $class->save_config($fw_conf);
# Registers the three collection-level handlers (index, create, delete)
# on the calling subclass; invoked once per concrete package at load
# time via __PACKAGE__->register_handlers().
415 sub register_handlers
{
418 $class->register_index();
419 $class->register_create();
420 $class->register_delete();
423 package PVE
::API2
::Firewall
::ClusterIPSetList
;
429 use base
qw(PVE::API2::Firewall::BaseIPSetList);
# Cluster-level load_config for the list handlers (sub header not
# shown); unlike the per-set variant it takes no name and returns only
# the config.
434 return PVE
::Firewall
::load_clusterfw_conf
();
# Cluster-level save_config (sub header not shown): writes the complete
# cluster firewall config back.
438 my ($class, $fw_conf) = @_;
440 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
# Install the collection-level handlers for this concrete package at
# load time.
443 __PACKAGE__-
>register_handlers();
445 __PACKAGE__-
>register_method ({
446 subclass
=> "PVE::API2::Firewall::ClusterIPset",
448 # set fragment delimiter (no subdirs) - we need that, because CIDR addresses contain a slash '/'
449 fragmentDelimiter
=> '',