host firewall support

[pve-firewall.git] / pvefw

diff --git a/pvefw b/pvefw
index b10895e22af32ef3deefe02ea69f829247220f41..25c4f8a8b0b8e80a65d759673343414877296de0 100755 (executable)
--- a/pvefw
+++ b/pvefw
@@ -29,6 +29,101 @@ $rpcenv->init_request();
 $rpcenv->set_language($ENV{LANG});
 $rpcenv->set_user('root@pam');
 
+__PACKAGE__->register_method({
+    name => 'enabletaprules',
+    path => 'enabletaprules',
+    method => 'POST',
+    parameters => {
+        additionalProperties => 0,
+        properties => {
+            vmid => get_standard_option('pve-vmid'),
+            netid => {
+                type => 'string',
+            },
+
+        },
+    },
+    returns => { type => 'null' },
+    code => sub {
+        my ($param) = @_;
+
+        # test if VM exists
+        my $vmid = $param->{vmid};
+        my $netid = $param->{netid};
+
+       my $conf = PVE::QemuServer::load_config($vmid);
+       my $net = PVE::QemuServer::parse_net($conf->{$netid});
+
+       PVE::Firewall::generate_tap_rules($net, $netid, $vmid);
+
+        return undef;
+    }});
+
+__PACKAGE__->register_method({
+    name => 'disabletaprules',
+    path => 'disabletaprules',
+    method => 'POST',
+    parameters => {
+        additionalProperties => 0,
+        properties => {
+            vmid => get_standard_option('pve-vmid'),
+            netid => {
+                type => 'string',
+            },
+
+        },
+    },
+    returns => { type => 'null' },
+    code => sub {
+        my ($param) = @_;
+
+        # test if VM exists
+        my $vmid = $param->{vmid};
+        my $netid = $param->{netid};
+
+       my $conf = PVE::QemuServer::load_config($vmid);
+       my $net = PVE::QemuServer::parse_net($conf->{$netid});
+
+       PVE::Firewall::flush_tap_rules($net, $netid, $vmid);
+
+        return undef;
+    }});
+
+__PACKAGE__->register_method({
+    name => 'enablehostfw',
+    path => 'enablehostfw',
+    method => 'POST',
+    parameters => {
+       additionalProperties => 0,
+       properties => {},
+    },
+    returns => { type => 'null' },
+
+    code => sub {
+       my ($param) = @_;
+
+       PVE::Firewall::enablehostfw();
+
+       return undef;
+    }});
+
+__PACKAGE__->register_method({
+    name => 'disablehostfw',
+    path => 'disablehostfw',
+    method => 'POST',
+    parameters => {
+       additionalProperties => 0,
+       properties => {},
+    },
+    returns => { type => 'null' },
+
+    code => sub {
+       my ($param) = @_;
+
+       PVE::Firewall::disablehostfw();
+
+       return undef;
+    }});
 
 __PACKAGE__->register_method ({
     name => 'compile',
@@ -133,6 +228,10 @@ my $cmddef = {
     restart => [ __PACKAGE__, 'restart', []],
     stop => [ __PACKAGE__, 'stop', []],
     clear => [ __PACKAGE__, 'clear', []],
+    enabletaprules => [ __PACKAGE__, 'enabletaprules', []],
+    disabletaprules => [ __PACKAGE__, 'disabletaprules', []],
+    enablehostfw => [ __PACKAGE__, 'enablehostfw', []],
+    disablehostfw => [ __PACKAGE__, 'disablehostfw', []],
 };
 
 my $cmd = shift;