]>
git.proxmox.com Git - pve-firewall.git/blob - src/PVE/API2/Firewall/VM.pm
1 package PVE
::API2
::Firewall
::VM
;
5 use PVE
::JSONSchema
qw(get_standard_option);
8 use PVE
::API2
::Firewall
::Rules
;
10 use Data
::Dumper
; # fixme: remove
12 use base
qw(PVE::RESTHandler);
14 __PACKAGE__-
>register_method ({
15 subclass
=> "PVE::API2::Firewall::VMRules",
19 __PACKAGE__-
>register_method({
23 permissions
=> { user
=> 'all' },
24 description
=> "Directory index.",
26 additionalProperties
=> 0,
28 node
=> get_standard_option
('pve-node'),
29 vmid
=> get_standard_option
('pve-vmid'),
38 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
45 { name
=> 'options' },
51 my $option_properties = {
53 description
=> "Enable host firewall rules.",
58 description
=> "Enable/disable MAC address filter.",
63 description
=> "Enable DHCP.",
68 description
=> "Input policy.",
71 enum
=> ['ACCEPT', 'REJECT', 'DROP'],
74 description
=> "Output policy.",
77 enum
=> ['ACCEPT', 'REJECT', 'DROP'],
79 log_level_in
=> get_standard_option
('pve-fw-loglevel', {
80 description
=> "Log level for incoming traffic." }),
81 log_level_out
=> get_standard_option
('pve-fw-loglevel', {
82 description
=> "Log level for outgoing traffic." }),
86 my $add_option_properties = sub {
87 my ($properties) = @_;
89 foreach my $k (keys %$option_properties) {
90 $properties->{$k} = $option_properties->{$k};
95 __PACKAGE__-
>register_method({
96 name
=> 'get_options',
99 description
=> "Get VM firewall options.",
102 additionalProperties
=> 0,
104 node
=> get_standard_option
('pve-node'),
105 vmid
=> get_standard_option
('pve-vmid'),
110 #additionalProperties => 1,
111 properties
=> $option_properties,
116 my $vmfw_conf = PVE
::Firewall
::load_vmfw_conf
($param->{vmid
});
118 return PVE
::Firewall
::copy_opject_with_digest
($vmfw_conf->{options
});
121 __PACKAGE__-
>register_method({
122 name
=> 'set_options',
125 description
=> "Set Firewall options.",
129 additionalProperties
=> 0,
130 properties
=> &$add_option_properties({
131 node
=> get_standard_option
('pve-node'),
132 vmid
=> get_standard_option
('pve-vmid'),
134 type
=> 'string', format
=> 'pve-configid-list',
135 description
=> "A list of settings you want to delete.",
138 digest
=> get_standard_option
('pve-config-digest'),
141 returns
=> { type
=> "null" },
145 my $vmfw_conf = PVE
::Firewall
::load_vmfw_conf
($param->{vmid
});
147 my (undef, $digest) = PVE
::Firewall
::copy_opject_with_digest
($vmfw_conf->{options
});
148 PVE
::Tools
::assert_if_modified
($digest, $param->{digest
});
150 if ($param->{delete}) {
151 foreach my $opt (PVE
::Tools
::split_list
($param->{delete})) {
152 raise_param_exc
({ delete => "no such option '$opt'" })
153 if !$option_properties->{$opt};
154 delete $vmfw_conf->{options
}->{$opt};
158 if (defined($param->{enable
})) {
159 $param->{enable
} = $param->{enable
} ?
1 : 0;
162 foreach my $k (keys %$option_properties) {
163 next if !defined($param->{$k});
164 $vmfw_conf->{options
}->{$k} = $param->{$k};
167 PVE
::Firewall
::save_vmfw_conf
($param->{vmid
}, $vmfw_conf);
172 __PACKAGE__-
>register_method({
176 description
=> "Read firewall log",
179 check
=> ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
183 additionalProperties
=> 0,
185 node
=> get_standard_option
('pve-node'),
186 vmid
=> get_standard_option
('pve-vmid'),
205 description
=> "Line number",
209 description
=> "Line text",
218 my $rpcenv = PVE
::RPCEnvironment
::get
();
219 my $user = $rpcenv->get_user();
220 my $vmid = $param->{vmid
};
222 my ($count, $lines) = PVE
::Tools
::dump_logfile
("/var/log/pve-firewall.log",
223 $param->{start
}, $param->{limit
},
226 $rpcenv->set_result_attrib('total', $count);