my $vmid = $param->{vmid};
my $netid = $param->{netid};
- my $conf = PVE::QemuServer::load_config($vmid);
-
- foreach my $opt (keys %$conf) {
- next if $opt !~ m/^net(\d+)$/;
- my $net = PVE::QemuServer::parse_net($conf->{$opt});
- next if !$net;
- next if $netid && $opt != $netid;
- PVE::Firewall::generate_tap_rules($net, $opt, $vmid);
- }
-
- return undef;
+ my $code = sub {
+ my $conf = PVE::QemuServer::load_config($vmid);
+
+ foreach my $opt (keys %$conf) {
+ next if $opt !~ m/^net(\d+)$/;
+ my $net = PVE::QemuServer::parse_net($conf->{$opt});
+ next if !$net;
+ next if $netid && $opt != $netid;
+ PVE::Firewall::generate_tap_rules($net, $opt, $vmid);
+ }
+ };
+
+ PVE::Firewall::run_locked($code);
+
+ return undef;
}});
__PACKAGE__->register_method({
my $vmid = $param->{vmid};
my $netid = $param->{netid};
- my $conf = PVE::QemuServer::load_config($vmid);
- foreach my $opt (keys %$conf) {
- next if $opt !~ m/^net(\d+)$/;
- my $net = PVE::QemuServer::parse_net($conf->{$opt});
- next if !$net;
- next if $netid && $opt != $netid;
- PVE::Firewall::flush_tap_rules($net, $opt, $vmid);
- }
+ my $code = sub {
+ my $conf = PVE::QemuServer::load_config($vmid);
+
+ foreach my $opt (keys %$conf) {
+ next if $opt !~ m/^net(\d+)$/;
+ my $net = PVE::QemuServer::parse_net($conf->{$opt});
+ next if !$net;
+ next if $netid && $opt != $netid;
+ PVE::Firewall::flush_tap_rules($net, $opt, $vmid);
+ }
+ };
+
+ PVE::Firewall::run_locked($code);
return undef;
}});
__PACKAGE__->register_method({
- name => 'enablehostfw',
- path => 'enablehostfw',
+ name => 'enablegroup',
+ path => 'enablegroup',
method => 'POST',
parameters => {
- additionalProperties => 0,
- properties => {},
+ additionalProperties => 0,
+ properties => {
+ securitygroup => {
+ type => 'string',
+ },
+ },
},
returns => { type => 'null' },
-
code => sub {
- my ($param) = @_;
+ my ($param) = @_;
- PVE::Firewall::enablehostfw();
+ my $code = sub {
+ my $group = $param->{securitygroup};
+ PVE::Firewall::enable_group_rules($group);
+ };
- return undef;
+ PVE::Firewall::run_locked($code);
+
+ return undef;
}});
__PACKAGE__->register_method({
- name => 'disablehostfw',
- path => 'disablehostfw',
+ name => 'disablegroup',
+ path => 'disablegroup',
method => 'POST',
parameters => {
- additionalProperties => 0,
- properties => {},
+ additionalProperties => 0,
+ properties => {
+ securitygroup => {
+ type => 'string',
+ },
+
+ },
},
returns => { type => 'null' },
-
code => sub {
- my ($param) = @_;
+ my ($param) = @_;
- PVE::Firewall::disablehostfw();
+ my $code = sub {
+ my $group = $param->{securitygroup};
+ PVE::Firewall::disable_group_rules($group);
+ };
- return undef;
+ PVE::Firewall::run_locked($code);
+
+ return undef;
}});
-__PACKAGE__->register_method ({
- name => 'compile',
- path => 'compile',
+__PACKAGE__->register_method({
+ name => 'enablehostfw',
+ path => 'enablehostfw',
method => 'POST',
- description => "Compile firewall rules.",
parameters => {
additionalProperties => 0,
properties => {},
code => sub {
my ($param) = @_;
- PVE::Firewall::compile();
+ my $code = sub {
+ PVE::Firewall::enablehostfw();
+ };
+
+ PVE::Firewall::run_locked($code);
return undef;
}});
-__PACKAGE__->register_method ({
- name => 'start',
- path => 'start',
+__PACKAGE__->register_method({
+ name => 'disablehostfw',
+ path => 'disablehostfw',
method => 'POST',
- description => "Start firewall.",
parameters => {
additionalProperties => 0,
properties => {},
code => sub {
my ($param) = @_;
- PVE::Firewall::compile_and_start();
+ my $code = sub {
+ PVE::Firewall::disablehostfw();
+ };
+
+ PVE::Firewall::run_locked($code);
return undef;
}});
__PACKAGE__->register_method ({
- name => 'restart',
- path => 'restart',
+ name => 'compile',
+ path => 'compile',
method => 'POST',
- description => "Restart firewall.",
+ description => "Compile firewall rules.",
parameters => {
additionalProperties => 0,
properties => {},
code => sub {
my ($param) = @_;
- PVE::Firewall::compile_and_start(1);
+ my $code = sub {
+ PVE::Firewall::compile();
+ };
+
+ PVE::Firewall::run_locked($code);
return undef;
}});
__PACKAGE__->register_method ({
- name => 'stop',
- path => 'stop',
+ name => 'start',
+ path => 'start',
method => 'POST',
- description => "Stop firewall.",
+ description => "Start (or restart if already active) firewall.",
parameters => {
additionalProperties => 0,
properties => {},
code => sub {
my ($param) = @_;
- PVE::Tools::run_command(['shorewall', 'stop']);
+ my $code = sub {
+ PVE::Firewall::compile_and_start();
+ };
+
+ PVE::Firewall::run_locked($code);
return undef;
}});
__PACKAGE__->register_method ({
- name => 'clear',
- path => 'clear',
+ name => 'stop',
+ path => 'stop',
method => 'POST',
- description => "Clear will remove all rules installed by this script. The host is then unprotected.",
+ description => "Stop firewall. This will remove all rules installed by this script. The host is then unprotected.",
parameters => {
additionalProperties => 0,
properties => {},
code => sub {
my ($param) = @_;
- PVE::Tools::run_command(['shorewall', 'clear']);
+ my $code = sub {
+ die "implement me";
+ };
+
+ PVE::Firewall::run_locked($code);
return undef;
}});
start => [ __PACKAGE__, 'start', []],
restart => [ __PACKAGE__, 'restart', []],
stop => [ __PACKAGE__, 'stop', []],
- clear => [ __PACKAGE__, 'clear', []],
enablevmfw => [ __PACKAGE__, 'enablevmfw', []],
disablevmfw => [ __PACKAGE__, 'disablevmfw', []],
enablehostfw => [ __PACKAGE__, 'enablehostfw', []],
disablehostfw => [ __PACKAGE__, 'disablehostfw', []],
+ enablegroup => [ __PACKAGE__, 'enablegroup', []],
+ disablegroup => [ __PACKAGE__, 'disablegroup', []],
};
my $cmd = shift;
projects / pve-firewall.git / blobdiff