]>
git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/IPSet.pm
1 package PVE
::API2
::Firewall
::IPSetBase
;
5 use PVE
::JSONSchema
qw(get_standard_option);
9 use base
qw(PVE::RESTHandler);
11 my $api_properties = {
13 description
=> "Network/IP specification in CIDR format.",
14 type
=> 'string', format
=> 'IPv4orCIDR',
17 description
=> "IP set name.",
31 my ($class, $param) = @_;
33 die "implement this in subclass";
35 #return ($fw_conf, $rules);
39 my ($class, $param, $fw_conf, $rules) = @_;
41 die "implement this in subclass";
44 my $additional_param_hash = {};
46 sub additional_parameters
{
47 my ($class, $new_value) = @_;
49 if (defined($new_value)) {
50 $additional_param_hash->{$class} = $new_value;
55 my $org = $additional_param_hash->{$class} || {};
56 foreach my $p (keys %$org) { $copy->{$p} = $org->{$p}; }
60 sub register_get_ipset
{
63 my $properties = $class->additional_parameters();
65 $properties->{name
} = $api_properties->{name
};
67 $class->register_method({
71 description
=> "List IPSet content",
73 additionalProperties
=> 0,
74 properties
=> $properties,
94 links
=> [ { rel
=> 'child', href
=> "{cidr}" } ],
99 my ($fw_conf, $ipset) = $class->load_config($param);
105 sub register_add_ip
{
108 my $properties = $class->additional_parameters();
110 $properties->{name
} = $api_properties->{name
};
111 $properties->{cidr
} = $api_properties->{cidr
};
112 $properties->{nomatch
} = $api_properties->{nomatch
};
113 $properties->{comment
} = $api_properties->{comment
};
115 $class->register_method({
119 description
=> "Add IP or Network to IPSet.",
122 additionalProperties
=> 0,
123 properties
=> $properties,
125 returns
=> { type
=> "null" },
129 my ($fw_conf, $ipset) = $class->load_config($param);
131 my $data = { cidr
=> $param->{cidr
} };
132 $data->{nomatch
} = 1 if $param->{nomatch
};
133 $data->{comment
} = $param->{comment
} if $param->{comment
};
137 unshift @$ipset, $data;
139 $class->save_ipset($param, $fw_conf, $ipset);
145 sub register_remove_ip
{
148 my $properties = $class->additional_parameters();
150 $properties->{name
} = $api_properties->{name
};
151 $properties->{cidr
} = $api_properties->{cidr
};
153 $class->register_method({
157 description
=> "Remove IP or Network from IPSet.",
160 additionalProperties
=> 0,
161 properties
=> $properties,
163 returns
=> { type
=> "null" },
167 my ($fw_conf, $ipset) = $class->load_config($param);
169 die "implement me $param->{cidr}";
171 $class->save_ipset($param, $fw_conf, $ipset);
177 sub register_handlers
{
180 $class->register_get_ipset();
181 $class->register_add_ip();
182 $class->register_remove_ip();
185 package PVE
::API2
::Firewall
::ClusterIPset
;
190 use base
qw(PVE::API2::Firewall::IPSetBase);
193 my ($class, $param) = @_;
195 my $fw_conf = PVE
::Firewall
::load_clusterfw_conf
();
196 my $ipset = $fw_conf->{ipset
}->{$param->{name
}};
197 die "no such IPSet '$param->{name}'\n" if !defined($ipset);
199 return ($fw_conf, $ipset);
203 my ($class, $param, $fw_conf, $ipset) = @_;
205 $fw_conf->{ipset
}->{$param->{name
}} = $ipset;
206 PVE
::Firewall
::save_clusterfw_conf
($fw_conf);
209 __PACKAGE__-
>register_handlers();