git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/VM.pm
6bfecf80154b9214ca548a1049ac01f3d0ff6fdf
1 package PVE
::API2
::Firewall
::VM
;
5 use PVE
::JSONSchema
qw(get_standard_option);
8 use PVE
::API2
::Firewall
::Rules
;
10 use Data
::Dumper
; # FIXME: remove Data::Dumper (debugging aid only) before release
12 use base
qw(PVE::RESTHandler);
# Delegates a sub-tree of this API node to the PVE::API2::Firewall::VMRules handler class.
# NOTE(review): the `path` this subclass is mounted on is not visible in this
# listing (the gutter jumps from 15 to 19). VMRules is presumably provided by
# PVE::API2::Firewall::Rules, the only firewall API module loaded in the
# visible `use` lines; confirm.
14 __PACKAGE__-
>register_method ({
15 subclass
=> "PVE::API2::Firewall::VMRules",
# Directory index for the per-VM firewall API node: returns the list of child
# entries (only 'options' is visible here) with a link template "{name}".
19 __PACKAGE__-
>register_method({
# `user => 'all'` applies no privilege check against the addressed VM; in the
# PVE permission scheme it is understood to admit any authenticated user.
# The visible result only names child endpoints, so exposure is limited to
# the API layout. NOTE(review): confirm nothing VM-specific is returned.
23 permissions
=> { user
=> 'all' },
24 description
=> "Directory index.",
# Reject any request parameter that is not declared below.
26 additionalProperties
=> 0,
28 node
=> get_standard_option
('pve-node'),
29 vmid
=> get_standard_option
('pve-vmid'),
38 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
45 { name
=> 'options' },
# JSON-schema fragment describing the firewall options handled by this module.
# It is used as the return schema of get_options, merged into the parameter
# schema of set_options, and serves as the allowlist of option names that
# set_options will delete or store.
# NOTE(review): the property key names are not visible in this listing; only
# `enable` can be inferred from its use in set_options.
51 my $option_properties = {
# NOTE(review): the text says "host" although this module serves per-VM
# options; looks like a leftover description. Confirm.
53 description
=> "Enable host firewall rules.",
58 description
=> "Input policy.",
# Policy values are restricted to this closed set by schema validation.
61 enum
=> ['ACCEPT', 'REJECT', 'DROP'],
64 description
=> "Output policy.",
67 enum
=> ['ACCEPT', 'REJECT', 'DROP'],
# Copies every entry of $option_properties into the caller's property hash,
# overwriting entries with the same key. The hash is modified in place.
# NOTE(review): the closing lines are not visible; set_options uses the call
# result as its `properties` value, so this presumably returns $properties.
71 my $add_option_properties = sub {
72 my ($properties) = @_;
74 foreach my $k (keys %$option_properties) {
75 $properties->{$k} = $option_properties->{$k};
# API method get_options: returns the stored firewall options of one VM.
# NOTE(review): no `permissions` entry is visible for this method (gutter
# lines 82-83 and 85 are not shown). Confirm that read access is tied to a
# privilege on /vms/{vmid}; the visible code loads whatever vmid is passed.
80 __PACKAGE__-
>register_method({
81 name
=> 'get_options',
84 description
=> "Get VM firewall options.",
# Reject any request parameter that is not declared below.
87 additionalProperties
=> 0,
89 node
=> get_standard_option
('pve-node'),
90 vmid
=> get_standard_option
('pve-vmid'),
95 #additionalProperties => 1,
96 properties
=> $option_properties,
# Load the VM's firewall configuration, selected by the vmid parameter.
101 my $vmfw_conf = PVE
::Firewall
::load_vmfw_conf
($param->{vmid
});
# Return the options section; the helper name suggests a copy carrying a
# digest of the options. ("opject" is the spelling used at the call site.)
103 return PVE
::Firewall
::copy_opject_with_digest
($vmfw_conf->{options
});
# API method set_options: deletes and/or updates firewall options of one VM
# and writes the configuration back.
# NOTE(review): neither a `permissions` nor a `protected` entry is visible
# for this write endpoint (gutter lines 108-109 and 111-113 are not shown).
# Confirm that changing a VM's firewall policy requires a privilege on
# /vms/{vmid}; the visible code acts on whatever vmid is passed.
106 __PACKAGE__-
>register_method({
107 name
=> 'set_options',
110 description
=> "Set Firewall options.",
# Reject any request parameter that is not declared below.
114 additionalProperties
=> 0,
# Parameter schema = the entries below plus every key of $option_properties.
115 properties
=> &$add_option_properties({
116 node
=> get_standard_option
('pve-node'),
117 vmid
=> get_standard_option
('pve-vmid'),
119 type
=> 'string', format
=> 'pve-configid-list',
120 description
=> "A list of settings you want to delete.",
123 digest
=> get_standard_option
('pve-config-digest'),
126 returns
=> { type
=> "null" },
130 my $vmfw_conf = PVE
::Firewall
::load_vmfw_conf
($param->{vmid
});
# Optimistic concurrency check: take the digest of the options as currently
# stored and hand it, with the client-supplied digest, to assert_if_modified.
# NOTE(review): load, check and save happen here without a visible lock, so
# two concurrent requests could both pass the check. Confirm whether locking
# is done inside save_vmfw_conf or in lines not shown.
132 my (undef, $digest) = PVE
::Firewall
::copy_opject_with_digest
($vmfw_conf->{options
});
133 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
# Deletions run first. Each requested name must be a key of
# $option_properties, so only schema-known options can be removed; any other
# name raises a parameter exception.
# NOTE(review): the import of raise_param_exc is not among the visible `use`
# lines; confirm it is in scope.
135 if ($param->{delete}) {
136 foreach my $opt (PVE
::Tools
::split_list
($param->{delete})) {
137 raise_param_exc
({ delete => "no such option '$opt'" })
138 if !$option_properties->{$opt};
139 delete $vmfw_conf->{options
}->{$opt};
# Normalise the boolean so that only 1 or 0 is ever stored.
143 if (defined($param->{enable
})) {
144 $param->{enable
} = $param->{enable
} ?
1 : 0;
# Copy only parameters named in $option_properties; node, vmid, delete and
# digest are never written into the options section. Runs after the delete
# pass, so an option that is both deleted and set ends up set.
147 foreach my $k (keys %$option_properties) {
148 next if !defined($param->{$k});
149 $vmfw_conf->{options
}->{$k} = $param->{$k};
# Persist the modified configuration for this vmid.
152 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $vmfw_conf);
# API method that reads lines from the firewall log and reports the total
# line count as a result attribute.
# NOTE(review): the method name, the start/limit schema and the end of the
# handler are not visible in this listing.
157 __PACKAGE__-
>register_method({
161 description
=> "Read firewall log",
# Caller must hold VM.Console on /vms/{vmid}.
164 check
=> ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
# Reject any request parameter that is not declared below.
168 additionalProperties
=> 0,
170 node
=> get_standard_option
('pve-node'),
171 vmid
=> get_standard_option
('pve-vmid'),
190 description
=> "Line number",
194 description
=> "Line text",
203 my $rpcenv = PVE
::RPCEnvironment
::get
();
# NOTE(review): $user is not used in any line visible in this listing.
204 my $user = $rpcenv->get_user();
205 my $vmid = $param->{vmid
};
# The log path is a fixed file and does not depend on vmid, so it presumably
# holds entries for more than this guest. The remaining dump_logfile
# arguments (gutter lines 209-210) are not visible.
# NOTE(review): confirm a per-VM filter is passed; otherwise VM.Console on
# one guest would expose firewall log lines belonging to other guests.
207 my ($count, $lines) = PVE
::Tools
::dump_logfile
("/var/log/pve-firewall.log",
208 $param->{start
}, $param->{limit
},
# Expose the total number of lines to the client alongside the page of lines.
211 $rpcenv->set_result_attrib('total', $count);