git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/VM.pm
644d6bb1a4a6303c7d3e1a9dadbc88c14ff4cf1d
1 package PVE
::API2
::Firewall
::VMBase
;
5 use PVE
::JSONSchema
qw(get_standard_option);
8 use PVE
::API2
::Firewall
::Rules
;
9 use PVE
::API2
::Firewall
::Aliases
;
11 use Data
::Dumper
; # fixme: remove
13 use base
qw(PVE::RESTHandler);
# Property schema for the per-guest firewall options, read from the package
# variable $PVE::Firewall::vm_option_properties. Below it serves as a
# 'properties' schema in get_options and as the list of option names that
# set_options is allowed to write or delete.
15 my $option_properties = $PVE::Firewall
::vm_option_properties
;
# Helper: copies every entry of $option_properties into the caller's
# properties hash, overwriting same-named keys. This listing skips the
# original lines after the loop body, so the closing braces and the return
# value are not shown; set_options uses the call result as its 'properties'.
17 my $add_option_properties = sub {
18 my ($properties) = @_;
20 foreach my $k (keys %$option_properties) {
21 $properties->{$k} = $option_properties->{$k};
# Registers the guest firewall API methods on $class. $rule_env is captured by
# the handlers below and handed to PVE::Firewall::load_vmfw_conf().
# NOTE: this listing omits many original lines (see the gutter numbers), so
# closing braces and some schema entries are not visible.
27 sub register_handlers
{
28 my ($class, $rule_env) = @_;
# Directory index. The only permission entry shown is user => 'all', i.e. no
# per-guest privilege check appears here (contrast with the 'check' entries
# on the methods below). The visible child entries are static names.
30 $class->register_method({
34 permissions
=> { user
=> 'all' },
35 description
=> "Directory index.",
# additionalProperties => 0: parameters outside the declared schema are
# rejected.
37 additionalProperties
=> 0,
39 node
=> get_standard_option
('pve-node'),
40 vmid
=> get_standard_option
('pve-vmid'),
49 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
# Child entries of the index; only 'aliases' and 'options' are visible in
# this listing, the lines around them are omitted.
56 { name
=> 'aliases' },
59 { name
=> 'options' },
# get_options: read-only view of the guest's firewall options.
66 $class->register_method({
67 name
=> 'get_options',
70 description
=> "Get VM firewall options.",
# Caller needs VM.Audit on /vms/{vmid}.
73 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
76 additionalProperties
=> 0,
78 node
=> get_standard_option
('pve-node'),
79 vmid
=> get_standard_option
('pve-vmid'),
84 #additionalProperties => 1,
# The option schema is reused here; the enclosing key is on an omitted line
# (presumably the 'returns' schema - confirm against the full file).
85 properties
=> $option_properties,
# Handler body: load the cluster-wide config first, because the guest config
# loader takes it as its first argument.
90 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
91 my $vmfw_conf = PVE
::Firewall
::load_vmfw_conf
($cluster_conf, $rule_env, $param->{vmid
});
# Returns whatever copy_opject_with_digest() yields for the options hash.
# set_options takes a digest from the same helper, so the returned object
# presumably carries that digest for later optimistic-locking use - confirm.
93 return PVE
::Firewall
::copy_opject_with_digest
($vmfw_conf->{options
});
# set_options: modifies or deletes per-guest firewall options and saves the
# guest firewall config.
96 $class->register_method({
97 name
=> 'set_options',
100 description
=> "Set Firewall options.",
# Caller needs VM.Config.Network on /vms/{vmid}.
104 check
=> ['perm', '/vms/{vmid}', [ 'VM.Config.Network' ]],
# Unknown parameters are rejected; the accepted set is node, vmid, the
# 'delete' list, digest, plus every key of $option_properties merged in by
# the helper.
107 additionalProperties
=> 0,
108 properties
=> &$add_option_properties({
109 node
=> get_standard_option
('pve-node'),
110 vmid
=> get_standard_option
('pve-vmid'),
112 type
=> 'string', format
=> 'pve-configid-list',
113 description
=> "A list of settings you want to delete.",
116 digest
=> get_standard_option
('pve-config-digest'),
119 returns
=> { type
=> "null" },
# Handler body: load current state, then compare its digest with the one the
# client sent before changing anything.
124 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
125 my $vmfw_conf = PVE
::Firewall
::load_vmfw_conf
($cluster_conf, $rule_env, $param->{vmid
});
# Only the digest (second list element) is needed here.
127 my (undef, $digest) = PVE
::Firewall
::copy_opject_with_digest
($vmfw_conf->{options
});
# NOTE(review): how assert_if_modified() treats a request without a 'digest'
# parameter is not visible here; if it accepts it, the check is opt-in for the
# client - confirm in PVE::Tools. No lock around load/modify/save is visible
# in the shown lines either, so concurrent callers could overwrite each
# other's changes unless locking happens elsewhere - confirm.
128 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
# Deletion: every requested name must be a known option, otherwise the call
# fails with a parameter exception before that name is deleted.
# NOTE(review): no import of raise_param_exc appears in the visible 'use'
# lines; presumably it is on an omitted line - confirm.
130 if ($param->{delete}) {
131 foreach my $opt (PVE
::Tools
::split_list
($param->{delete})) {
132 raise_param_exc
({ delete => "no such option '$opt'" })
133 if !$option_properties->{$opt};
134 delete $vmfw_conf->{options
}->{$opt};
# Normalise 'enable' to exactly 1 or 0 before it is stored.
138 if (defined($param->{enable
})) {
139 $param->{enable
} = $param->{enable
} ?
1 : 0;
# Only keys listed in $option_properties are copied into the config, so
# node, vmid, delete and digest never reach the stored options.
142 foreach my $k (keys %$option_properties) {
143 next if !defined($param->{$k});
144 $vmfw_conf->{options
}->{$k} = $param->{$k};
# Write the modified guest firewall config back.
147 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $vmfw_conf);
# Firewall log reader (the method's 'name' entry is on an omitted line).
152 $class->register_method({
156 description
=> "Read firewall log",
# Caller needs VM.Console on /vms/{vmid}.
159 check
=> ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
163 additionalProperties
=> 0,
165 node
=> get_standard_option
('pve-node'),
166 vmid
=> get_standard_option
('pve-vmid'),
# Return schema fragments: each entry has a line number and the line text.
185 description
=> "Line number",
189 description
=> "Line text",
# Handler body. $user and $vmid are fetched here, but their use is not
# visible in the shown lines.
198 my $rpcenv = PVE
::RPCEnvironment
::get
();
199 my $user = $rpcenv->get_user();
200 my $vmid = $param->{vmid
};
# Reads the fixed log path /var/log/pve-firewall.log, paged by the 'start'
# and 'limit' parameters.
# NOTE(review): the path carries no guest id, so this looks like one log
# shared by all guests. The remaining dump_logfile() arguments are on omitted
# lines; confirm that a per-guest filter built from $vmid is passed, otherwise
# VM.Console on one guest would expose log lines of other guests.
202 my ($count, $lines) = PVE
::Tools
::dump_logfile
("/var/log/pve-firewall.log",
203 $param->{start
}, $param->{limit
},
# Expose the count returned by dump_logfile() as the 'total' result attribute.
206 $rpcenv->set_result_attrib('total', $count);
# Reference listing: IPSets and aliases usable in rule source/dest fields
# (the method's 'name' entry is on an omitted line).
212 $class->register_method({
216 description
=> "Lists possible IPSet/Alias reference which are allowed in source/dest properties.",
# Caller needs VM.Audit on /vms/{vmid}.
218 check
=> ['perm', '/vms/{vmid}', [ 'VM.Audit' ]],
221 additionalProperties
=> 0,
223 node
=> get_standard_option
('pve-node'),
224 vmid
=> get_standard_option
('pve-vmid'),
226 description
=> "Only list references of specified type.",
# The same two-value enum appears twice: once here next to the filter
# description, once further down (its enclosing key is on an omitted line).
228 enum
=> ['alias', 'ipset'],
240 enum
=> ['alias', 'ipset'],
# Handler body: load cluster-wide and guest firewall configs.
255 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
256 my $fw_conf = PVE
::Firewall
::load_vmfw_conf
($cluster_conf, $rule_env, $param->{vmid
});
# Cluster config is visited first and the guest config second; both write
# into hashes keyed by name, so a guest-level entry replaces a cluster-level
# entry of the same name. Cluster-wide names and comments are therefore part
# of what a VM.Audit holder on a single guest can read.
261 foreach my $conf (($cluster_conf, $fw_conf)) {
# No 'type' parameter means both kinds are listed.
263 if (!$param->{type
} || $param->{type
} eq 'ipset') {
264 foreach my $name (keys %{$conf->{ipset
}}) {
# The comment is attached only when one is stored for this IPSet.
270 if (my $comment = $conf->{ipset_comments
}->{$name}) {
271 $data->{comment
} = $comment;
273 $ipsets->{$name} = $data;
277 if (!$param->{type
} || $param->{type
} eq 'alias') {
278 foreach my $name (keys %{$conf->{aliases
}}) {
279 my $e = $conf->{aliases
}->{$name};
285 $data->{comment
} = $e->{comment
} if $e->{comment
};
286 $aliases->{$name} = $data;
# Flatten both hashes into the result list: IPSets first, then aliases.
# Order within each group follows 'values', i.e. it is not sorted.
292 foreach my $e (values %$ipsets) { push @$res, $e; };
293 foreach my $e (values %$aliases) { push @$res, $e; };
# API class for VM firewalls: inherits the shared handlers from VMBase,
# mounts the VM-specific subclasses, then registers the shared handlers with
# rule_env 'vm'.
299 package PVE
::API2
::Firewall
::VM
;
304 use base
qw(PVE::API2::Firewall::VMBase);
# Sub-handler registrations; the remaining keys of each call (e.g. the mount
# path) are on omitted lines.
306 __PACKAGE__-
>register_method ({
307 subclass
=> "PVE::API2::Firewall::VMRules",
311 __PACKAGE__-
>register_method ({
312 subclass
=> "PVE::API2::Firewall::VMAliases",
316 __PACKAGE__-
>register_method ({
317 subclass
=> "PVE::API2::Firewall::VMIPSetList",
# 'vm' becomes $rule_env inside register_handlers().
321 __PACKAGE__-
>register_handlers('vm');
# API class for container firewalls: same structure as the VM class, but with
# the CT-specific subclasses mounted.
323 package PVE
::API2
::Firewall
::CT
;
328 use base
qw(PVE::API2::Firewall::VMBase);
# Sub-handler registrations; the remaining keys of each call are on omitted
# lines.
330 __PACKAGE__-
>register_method ({
331 subclass
=> "PVE::API2::Firewall::CTRules",
335 __PACKAGE__-
>register_method ({
336 subclass
=> "PVE::API2::Firewall::CTAliases",
340 __PACKAGE__-
>register_method ({
341 subclass
=> "PVE::API2::Firewall::CTIPSetList",
# NOTE(review): the container class registers the shared handlers with
# rule_env 'vm', the same value the VM class uses, although its subclasses are
# CT-specific. If PVE::Firewall::load_vmfw_conf() distinguishes guest types by
# rule_env, container requests would be handled as VM ones - confirm whether a
# container-specific value is intended here.
345 __PACKAGE__-
>register_handlers('vm');