git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/VM.pm
1 package PVE
::API2
::Firewall
::VMBase
;
5 use PVE
::JSONSchema
qw(get_standard_option);
8 use PVE
::API2
::Firewall
::Rules
;
9 use PVE
::API2
::Firewall
::Aliases
;
11 use Data
::Dumper
; # fixme: remove
13 use base
qw(PVE::RESTHandler);
# Schema fragment for the per-guest firewall options. Besides describing the
# options, it is referenced by get_options, merged into the parameter schema
# of set_options, and consulted by set_options as the allowlist of option
# names that may be deleted or written.
# NOTE(review): this listing omits lines of the hash (the option key names and
# their types are not visible), so only the descriptions and enums shown here
# can be relied on.
15 my $option_properties = {
17 description
=> "Enable host firewall rules.",
22 description
=> "Enable/disable MAC address filter.",
27 description
=> "Enable DHCP.",
32 description
=> "Input policy.",
# Policy values are restricted to this fixed set.
35 enum
=> ['ACCEPT', 'REJECT', 'DROP'],
38 description
=> "Output policy.",
41 enum
=> ['ACCEPT', 'REJECT', 'DROP'],
# Both log levels reuse the registered 'pve-fw-loglevel' standard option and
# only override its description.
43 log_level_in
=> get_standard_option
('pve-fw-loglevel', {
44 description
=> "Log level for incoming traffic." }),
45 log_level_out
=> get_standard_option
('pve-fw-loglevel', {
46 description
=> "Log level for outgoing traffic." }),
# Copies every entry of $option_properties into the caller's $properties
# hashref. An entry already present under the same key is overwritten, so
# request-level parameters should not reuse an option name.
# NOTE(review): the return statement is not visible in this listing;
# set_options uses the call's result as its 'properties' schema, so it
# presumably returns $properties - confirm.
50 my $add_option_properties = sub {
51 my ($properties) = @_;
53 foreach my $k (keys %$option_properties) {
54 $properties->{$k} = $option_properties->{$k};
# Registers the guest firewall API methods on $class. $rule_env is captured
# by the option handlers further down, which pass it to
# PVE::Firewall::load_vmfw_conf.
60 sub register_handlers
{
61 my ($class, $rule_env) = @_;
# Directory index method. It is the only method in this listing that declares
# user => 'all'; the visible result rows hold child names only (the listing
# does not show the handler body, so confirm nothing else is returned).
# NOTE(review): presumably 'all' means any authenticated user - confirm
# against the permission framework.
63 $class->register_method({
67 permissions
=> { user
=> 'all' },
68 description
=> "Directory index.",
# Reject any parameter that is not declared in the schema.
70 additionalProperties
=> 0,
72 node
=> get_standard_option
('pve-node'),
73 vmid
=> get_standard_option
('pve-vmid'),
82 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
89 { name
=> 'aliases' },
90 { name
=> 'options' },
# Read the firewall options of one guest.
# NOTE(review): no 'permissions' entry is visible for this method (the
# listing omits lines between 'name' and 'parameters'). The reply exposes the
# guest's firewall configuration, so confirm how access is restricted; if the
# framework falls back to a restrictive default when the entry is absent,
# stating the intended privilege explicitly would still make this auditable.
97 $class->register_method({
98 name
=> 'get_options',
101 description
=> "Get VM firewall options.",
# Undeclared request parameters are rejected.
104 additionalProperties
=> 0,
106 node
=> get_standard_option
('pve-node'),
107 vmid
=> get_standard_option
('pve-vmid'),
112 #additionalProperties => 1,
113 properties
=> $option_properties,
# Load the cluster-wide config first; the guest config is parsed against it
# for the requested vmid and the $rule_env given to register_handlers.
118 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
119 my $vmfw_conf = PVE
::Firewall
::load_vmfw_conf
($cluster_conf, $rule_env, $param->{vmid
});
# Only the 'options' section is handed to copy_opject_with_digest and
# returned. set_options takes a digest from the same helper, so the reply
# presumably carries the value a client sends back on update - confirm.
121 return PVE
::Firewall
::copy_opject_with_digest
($vmfw_conf->{options
});
# Update the firewall options of one guest.
# NOTE(review): no 'permissions' entry is visible for this method (lines are
# omitted from the listing). This handler rewrites the guest's firewall
# configuration, including its enable flag and default policies, so confirm
# which privilege is required to call it.
124 $class->register_method({
125 name
=> 'set_options',
128 description
=> "Set Firewall options.",
# Undeclared parameters are rejected; the accepted set is the option schema
# merged with node, vmid, delete and digest.
132 additionalProperties
=> 0,
133 properties
=> &$add_option_properties({
134 node
=> get_standard_option
('pve-node'),
135 vmid
=> get_standard_option
('pve-vmid'),
137 type
=> 'string', format
=> 'pve-configid-list',
138 description
=> "A list of settings you want to delete.",
141 digest
=> get_standard_option
('pve-config-digest'),
144 returns
=> { type
=> "null" },
149 my $cluster_conf = PVE
::Firewall
::load_clusterfw_conf
();
150 my $vmfw_conf = PVE
::Firewall
::load_vmfw_conf
($cluster_conf, $rule_env, $param->{vmid
});
# Optimistic concurrency: the digest of the options as just loaded is checked
# against the digest supplied by the client.
# NOTE(review): no lock is visible around load/modify/save in this listing; a
# second writer between this check and save_vmfw_conf could be overwritten -
# confirm locking happens elsewhere.
152 my (undef, $digest) = PVE
::Firewall
::copy_opject_with_digest
($vmfw_conf->{options
});
153 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
# Deletion is allowlisted: each requested name must be a key of
# $option_properties, otherwise a parameter error is raised for 'delete'.
# NOTE(review): raise_param_exc is called unqualified and its import is not
# visible in this listing - confirm it is in scope.
155 if ($param->{delete}) {
156 foreach my $opt (PVE
::Tools
::split_list
($param->{delete})) {
157 raise_param_exc
({ delete => "no such option '$opt'" })
158 if !$option_properties->{$opt};
159 delete $vmfw_conf->{options
}->{$opt};
# Normalize any truthy/falsy 'enable' value to exactly 1 or 0 before storing.
163 if (defined($param->{enable
})) {
164 $param->{enable
} = $param->{enable
} ?
1 : 0;
# Only keys defined in $option_properties are copied into the config, so
# request-only parameters (node, vmid, delete, digest) never reach the
# stored options.
167 foreach my $k (keys %$option_properties) {
168 next if !defined($param->{$k});
169 $vmfw_conf->{options
}->{$k} = $param->{$k};
# Persist the modified configuration for this vmid.
172 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $vmfw_conf);
# Read firewall log entries through the API.
177 $class->register_method({
181 description
=> "Read firewall log",
# The caller needs the VM.Console privilege on /vms/{vmid}.
184 check
=> ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
188 additionalProperties
=> 0,
190 node
=> get_standard_option
('pve-node'),
191 vmid
=> get_standard_option
('pve-vmid'),
210 description
=> "Line number",
214 description
=> "Line text",
# NOTE(review): $user is assigned here but not used in the visible lines.
223 my $rpcenv = PVE
::RPCEnvironment
::get
();
224 my $user = $rpcenv->get_user();
225 my $vmid = $param->{vmid
};
# The log path is fixed and does not depend on vmid, so the same file is read
# for every guest; start and limit come from the request.
# NOTE(review): the remaining dump_logfile argument(s) are on lines this
# listing omits. Because the permission check above is per guest, confirm
# that a filter tied to $vmid is passed here, so that VM.Console on one guest
# does not expose log lines belonging to other guests or to the host.
227 my ($count, $lines) = PVE
::Tools
::dump_logfile
("/var/log/pve-firewall.log",
228 $param->{start
}, $param->{limit
},
# Report the line count returned by dump_logfile as the 'total' attribute.
231 $rpcenv->set_result_attrib('total', $count);
237 package PVE
::API2
::Firewall
::VM
;
242 use base
qw(PVE::API2::Firewall::VMBase);
# Attach the VM-specific rule, alias and IP set handlers as sub-resources
# (their 'path' entries are on lines this listing omits).
244 __PACKAGE__-
>register_method ({
245 subclass
=> "PVE::API2::Firewall::VMRules",
249 __PACKAGE__-
>register_method ({
250 subclass
=> "PVE::API2::Firewall::VMAliases",
254 __PACKAGE__-
>register_method ({
255 subclass
=> "PVE::API2::Firewall::VMIPSetList",
# Register the shared handlers inherited from VMBase with rule environment
# 'vm'.
259 __PACKAGE__-
>register_handlers('vm');
261 package PVE
::API2
::Firewall
::CT
;
266 use base
qw(PVE::API2::Firewall::VMBase);
# Attach the container-specific rule, alias and IP set handlers as
# sub-resources (their 'path' entries are on lines this listing omits).
268 __PACKAGE__-
>register_method ({
269 subclass
=> "PVE::API2::Firewall::CTRules",
273 __PACKAGE__-
>register_method ({
274 subclass
=> "PVE::API2::Firewall::CTAliases",
278 __PACKAGE__-
>register_method ({
279 subclass
=> "PVE::API2::Firewall::CTIPSetList",
# NOTE(review): the container package registers the shared handlers with the
# same rule environment string as the VM package ('vm'). That value is what
# the option handlers pass to PVE::Firewall::load_vmfw_conf, so confirm it is
# intended for containers and not a copy-paste leftover.
283 __PACKAGE__-
>register_handlers('vm');