git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/IPSet.pm
c9372fac138ab4b5beff39eaf30cb54b20ff7f03
1 package PVE
::API2
::Firewall
::IPSetBase
;
5 use PVE
::Exception
qw(raise raise_param_exc);
6 use PVE
::JSONSchema
qw(get_standard_option);
10 use base
qw(PVE::RESTHandler);
# Shared JSON-schema property definitions that the register_* subs below copy
# into their parameter lists. Only some lines of this hash appear in the listing.
12 my $api_properties = {
14 description
=> "Network/IP specification in CIDR format.",
# 'IPv4orCIDR' is the only validation of cidr visible here; the handlers below
# compare and store the value exactly as it arrives.
15 type
=> 'string', format
=> 'IPv4orCIDR',
# NOTE(review): no type/format line for the name entry is visible in this
# listing, and the list handlers later in the file carry "fixme: verify format"
# on their name parameter -- confirm what constrains IP set names.
18 description
=> "IP set name.",
# Abstract hook; its sub header is not shown in this listing. The handlers call
# it as $class->load_config($param) and unpack two values from the result.
# The base version always dies, so a subclass has to override it.
32 my ($class, $param) = @_;
34 die "implement this in subclass";
# Shape an override is expected to return, kept from the original author.
36 #return ($fw_conf, $rules);
# Second abstract hook; the sub header is not shown. Presumably save_ipset,
# since the handlers call $class->save_ipset($param, $fw_conf, $ipset) with a
# matching argument list -- confirm. It dies unless a subclass overrides it.
40 my ($class, $param, $fw_conf, $rules) = @_;
42 die "implement this in subclass";
# Per-class store of extra schema properties, keyed by the class name.
45 my $additional_param_hash = {};
# Class-method accessor. A defined $new_value is stored for $class; the lines
# shown then copy the stored hash (or an empty one) key by key into $copy.
# The declaration and return of $copy are not visible in this listing.
47 sub additional_parameters
{
48 my ($class, $new_value) = @_;
50 if (defined($new_value)) {
51 $additional_param_hash->{$class} = $new_value;
# One-level copy: the register_* subs add name/cidr/... keys to the result, so
# copying keeps those additions out of the stored hash. The property
# definitions the keys point to are still shared by reference.
56 my $org = $additional_param_hash->{$class} || {};
57 foreach my $p (keys %$org) { $copy->{$p} = $org->{$p}; }
# Registers the method described as "List IPSet content" on the calling class.
# NOTE(review): no permissions entry is among the lines shown for any method in
# this file; confirm how access to these firewall endpoints is restricted.
61 sub register_get_ipset
{
# Start from the class's extra parameters, then add the shared name property.
64 my $properties = $class->additional_parameters();
66 $properties->{name
} = $api_properties->{name
};
68 $class->register_method({
72 description
=> "List IPSet content",
# 0 means parameters that are not listed in properties fail schema validation.
74 additionalProperties
=> 0,
75 properties
=> $properties,
# Each returned entry links to a child resource addressed by its cidr value.
95 links
=> [ { rel
=> 'child', href
=> "{cidr}" } ],
# Handler body: fetch the named set through the subclass's load_config.
100 my ($fw_conf, $ipset) = $class->load_config($param);
# Registers the method described as "Add IP or Network to IPSet.".
106 sub register_create_ip
{
# Class-specific extras plus the shared name/cidr/nomatch/comment properties.
109 my $properties = $class->additional_parameters();
111 $properties->{name
} = $api_properties->{name
};
112 $properties->{cidr
} = $api_properties->{cidr
};
113 $properties->{nomatch
} = $api_properties->{nomatch
};
114 $properties->{comment
} = $api_properties->{comment
};
116 $class->register_method({
120 description
=> "Add IP or Network to IPSet.",
# 0 means parameters that are not listed in properties fail schema validation.
123 additionalProperties
=> 0,
124 properties
=> $properties,
126 returns
=> { type
=> "null" },
# NOTE(review): no lock is visible around this load/modify/save sequence in the
# lines shown; confirm concurrent requests cannot overwrite each other's changes.
130 my ($fw_conf, $ipset) = $class->load_config($param);
132 my $cidr = $param->{cidr
};
# Duplicate check is an exact string comparison. Two spellings of the same
# address (constructed example: "192.0.2.1" and "192.0.2.1/32") would both be
# accepted unless the value is normalised before this point -- TODO confirm.
134 foreach my $entry (@$ipset) {
135 raise_param_exc
({ cidr
=> "address '$cidr' already exists" })
136 if $entry->{cidr
} eq $cidr;
# Build the stored entry; nomatch and comment are kept only when truthy.
139 my $data = { cidr
=> $cidr };
140 $data->{nomatch
} = 1 if $param->{nomatch
};
141 $data->{comment
} = $param->{comment
} if $param->{comment
};
# New entries go to the front of the list, then the subclass persists the set.
143 unshift @$ipset, $data;
145 $class->save_ipset($param, $fw_conf, $ipset);
# Registers the method described as "Read IP or Network settings from IPSet.".
151 sub register_read_ip
{
# Class-specific extras plus the shared name and cidr properties.
154 my $properties = $class->additional_parameters();
156 $properties->{name
} = $api_properties->{name
};
157 $properties->{cidr
} = $api_properties->{cidr
};
159 $class->register_method({
163 description
=> "Read IP or Network settings from IPSet.",
# 0 means parameters that are not listed in properties fail schema validation.
166 additionalProperties
=> 0,
167 properties
=> $properties,
169 returns
=> { type
=> "object" },
173 my ($fw_conf, $ipset) = $class->load_config($param);
# Linear search by exact string match; the stored entry hash itself is returned.
175 foreach my $entry (@$ipset) {
176 return $entry if $entry->{cidr
} eq $param->{cidr
};
# No entry matched: report it as a parameter error on cidr.
179 raise_param_exc
({ cidr
=> "no such IP/Network" });
# Registers the method described as "Update IP or Network settings".
183 sub register_update_ip
{
# Class-specific extras plus the shared name/cidr/nomatch/comment properties.
186 my $properties = $class->additional_parameters();
188 $properties->{name
} = $api_properties->{name
};
189 $properties->{cidr
} = $api_properties->{cidr
};
190 $properties->{nomatch
} = $api_properties->{nomatch
};
191 $properties->{comment
} = $api_properties->{comment
};
193 $class->register_method({
197 description
=> "Update IP or Network settings",
# 0 means parameters that are not listed in properties fail schema validation.
200 additionalProperties
=> 0,
201 properties
=> $properties,
203 returns
=> { type
=> "null" },
207 my ($fw_conf, $ipset) = $class->load_config($param);
209 foreach my $entry (@$ipset) {
210 if($entry->{cidr
} eq $param->{cidr
}) {
# Both fields are overwritten unconditionally, so a request that leaves out
# nomatch or comment replaces the stored value with undef. For a firewall set,
# silently dropping nomatch changes which addresses the entry excludes.
# NOTE(review): confirm this reset-on-omit behaviour is intended.
211 $entry->{nomatch
} = $param->{nomatch
};
212 $entry->{comment
} = $param->{comment
};
213 $class->save_ipset($param, $fw_conf, $ipset);
# Reached when no entry matched; presumably the matching branch returns after
# saving (that line is not shown in this listing).
218 raise_param_exc
({ cidr
=> "no such IP/Network" });
# Registers the method described as "Remove IP or Network from IPSet.".
222 sub register_delete_ip
{
# Class-specific extras plus the shared name and cidr properties.
225 my $properties = $class->additional_parameters();
227 $properties->{name
} = $api_properties->{name
};
228 $properties->{cidr
} = $api_properties->{cidr
};
230 $class->register_method({
234 description
=> "Remove IP or Network from IPSet.",
# 0 means parameters that are not listed in properties fail schema validation.
237 additionalProperties
=> 0,
238 properties
=> $properties,
240 returns
=> { type
=> "null" },
244 my ($fw_conf, $ipset) = $class->load_config($param);
# Keep every entry whose cidr differs (exact string comparison) from the request.
248 foreach my $entry (@$ipset) {
249 push @$new, $entry if $entry->{cidr
} ne $param->{cidr
};
# The filtered list is saved whether or not anything was removed: in the lines
# shown, a cidr that is not in the set produces no error and still rewrites
# the configuration.
252 $class->save_ipset($param, $fw_conf, $new);
# Registers all five per-set methods (list, create, read, update, delete) on
# the calling class.
258 sub register_handlers
{
261 $class->register_get_ipset();
262 $class->register_create_ip();
263 $class->register_read_ip();
264 $class->register_update_ip();
265 $class->register_delete_ip();
268 package PVE
::API2
::Firewall
::ClusterIPset
;
273 use base
qw(PVE::API2::Firewall::IPSetBase);
# Cluster-level override of the load hook (sub header not shown): reads the
# cluster firewall configuration and returns it together with the named set.
276 my ($class, $param) = @_;
278 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
279 my $ipset = $fw_conf->{ipset
}->{$param->{name
}};
# An unknown set name aborts the request; the requested name is echoed in the
# error text.
280 die "no such IPSet '$param->{name}'\n" if !defined($ipset);
282 return ($fw_conf, $ipset);
# Cluster-level override of the save hook (sub header not shown): stores the
# list under its name and writes the whole configuration object back.
# NOTE(review): $fw_conf is the copy loaded earlier in the request, so this is
# a read-modify-write of the full cluster firewall config; confirm that
# something serialises concurrent writers.
286 my ($class, $param, $fw_conf, $ipset) = @_;
288 $fw_conf->{ipset
}->{$param->{name
}} = $ipset;
289 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
# Runs when the package is loaded: registers the per-set methods on this class.
292 __PACKAGE__-
>register_handlers();
294 package PVE
::API2
::Firewall
::BaseIPSetList
;
299 use PVE
::Exception
qw(raise_param_exc);
301 use base
qw(PVE::RESTHandler);
# Registers 'ipset_index', described as "List IPSets" (sub header not shown;
# register_handlers below calls it as register_index).
306 $class->register_method({
307 name
=> 'ipset_index',
310 description
=> "List IPSets",
# 0 means parameters that are not listed in properties fail schema validation.
312 additionalProperties
=> 0,
320 description
=> "IPSet name.",
# Each returned item links to a child resource addressed by the set name.
325 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
# Handler body: one result item per configured set, with its entry count.
330 my $fw_conf = $class->load_config();
333 foreach my $name (keys %{$fw_conf->{ipset
}}) {
334 push @$res, { name
=> $name, count
=> scalar(@{$fw_conf->{ipset
}->{$name}}) };
# Registers 'create_ipset', which adds a new, empty set to the configuration.
341 sub register_create
{
344 $class->register_method({
345 name
=> 'create_ipset',
348 description
=> "Create new IPSet",
# 0 means parameters that are not listed in properties fail schema validation.
351 additionalProperties
=> 0,
# Open item from the original author: the name has no enforced format yet.
# The value becomes a key in the saved firewall configuration below, so it
# should be constrained before it reaches save_config.
354 # fixme: verify format
355 description
=> "IP set name.",
360 returns
=> { type
=> 'null' },
# NOTE(review): no lock is visible around this load/modify/save sequence in the
# lines shown; confirm concurrent requests cannot overwrite each other's changes.
364 my $fw_conf = $class->load_config();
# Reject a name that is already present (exact string comparison).
366 foreach my $name (keys %{$fw_conf->{ipset
}}) {
367 raise_param_exc
({ name
=> "IPSet '$name' already exists" })
368 if $name eq $param->{name
};
# Create the set with no entries and persist the configuration.
371 $fw_conf->{ipset
}->{$param->{name
}} = [];
372 $class->save_config($fw_conf);
# Registers 'delete_ipset', which removes a set only when it has no entries.
378 sub register_delete
{
381 $class->register_method({
382 name
=> 'delete_ipset',
385 description
=> "Delete IPSet",
# 0 means parameters that are not listed in properties fail schema validation.
388 additionalProperties
=> 0,
# Open item from the original author: the name has no enforced format yet.
391 # fixme: verify format
392 description
=> "IP set name.",
397 returns
=> { type
=> 'null' },
401 my $fw_conf = $class->load_config();
# Deleting a set that does not exist is treated as success, without an error.
403 return undef if !$fw_conf->{ipset
}->{$param->{name
}};
# Refuse to delete a set that still has entries.
405 die "IPSet '$param->{name}' is not empty\n"
406 if scalar(@{$fw_conf->{ipset
}->{$param->{name
}}});
408 delete $fw_conf->{ipset
}->{$param->{name
}};
410 $class->save_config($fw_conf);
# Registers the three set-list methods (index, create, delete) on the calling
# class.
416 sub register_handlers
{
419 $class->register_index();
420 $class->register_create();
421 $class->register_delete();
424 package PVE
::API2
::Firewall
::ClusterIPSetList
;
430 use base
qw(PVE::API2::Firewall::BaseIPSetList);
# Cluster-level load hook for the set list (sub header not shown): returns the
# cluster firewall configuration as loaded by PVE::Firewall.
435 return PVE
::Firewall
::load_clusterfw_conf
();
# Cluster-level save hook for the set list (sub header not shown; the handlers
# call it as save_config): writes the given configuration object back.
439 my ($class, $fw_conf) = @_;
441 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
# Runs when the package is loaded: registers index/create/delete on this class.
444 __PACKAGE__-
>register_handlers();
# Routes requests below the list to the per-set handlers in ClusterIPset.
446 __PACKAGE__-
>register_method ({
447 subclass
=> "PVE::API2::Firewall::ClusterIPset",
449 # Set an empty fragment delimiter (no subdirs). This is needed because CIDR addresses contain a slash '/'.
450 fragmentDelimiter
=> '',