use strict;
use warnings;
+
+use PVE::Exception qw(raise_param_exc);
use PVE::JSONSchema qw(get_standard_option);
use PVE::Cluster;
use PVE::Firewall;
use PVE::API2::Firewall::Rules;
use PVE::API2::Firewall::Aliases;
-use Data::Dumper; # fixme: remove
use base qw(PVE::RESTHandler);
-my $option_properties = {
- enable => {
- description => "Enable host firewall rules.",
- type => 'boolean',
- optional => 1,
- },
- macfilter => {
- description => "Enable/disable MAC address filter.",
- type => 'boolean',
- optional => 1,
- },
- dhcp => {
- description => "Enable DHCP.",
- type => 'boolean',
- optional => 1,
- },
- ndp => {
- description => "Enable NDP.",
- type => 'boolean',
- optional => 1,
- },
- policy_in => {
- description => "Input policy.",
- type => 'string',
- optional => 1,
- enum => ['ACCEPT', 'REJECT', 'DROP'],
- },
- policy_out => {
- description => "Output policy.",
- type => 'string',
- optional => 1,
- enum => ['ACCEPT', 'REJECT', 'DROP'],
- },
- log_level_in => get_standard_option('pve-fw-loglevel', {
- description => "Log level for incoming traffic." }),
- log_level_out => get_standard_option('pve-fw-loglevel', {
- description => "Log level for outgoing traffic." }),
-
-};
+my $option_properties = $PVE::Firewall::vm_option_properties;
my $add_option_properties = sub {
my ($properties) = @_;
foreach my $k (keys %$option_properties) {
$properties->{$k} = $option_properties->{$k};
}
-
+
return $properties;
};
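Review bot: `my $option_properties = $PVE::Firewall::vm_option_properties;` turns this module's private schema into an alias of a package global, and nothing at the assignment says so. The same hash serves as the allow-list in the options update code further down (`if !$option_properties->{$opt}` and `foreach my $k (keys %$option_properties)`), so any key later added in PVE::Firewall becomes settable and deletable through this API without a change here. `$add_option_properties` also copies the shared sub-hashes by reference, so an in-place edit of one schema would affect every consumer. I would add a comment above the assignment, for example `# shared with PVE::Firewall; also the allow-list for set/delete below - treat as read-only`. The definition of `vm_option_properties` is not in this diff, and a fully qualified name passes `use strict` even when the variable is lexical or misspelled, so it is worth confirming it is declared with `our`; otherwise the reference would silently be undef.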
if ($param->{delete}) {
foreach my $opt (PVE::Tools::split_list($param->{delete})) {
- raise_param_exc({ delete => "no such option '$opt'" })
+ raise_param_exc({ delete => "no such option '$opt'" })
if !$option_properties->{$opt};
delete $vmfw_conf->{options}->{$opt};
}
foreach my $k (keys %$option_properties) {
next if !defined($param->{$k});
- $vmfw_conf->{options}->{$k} = $param->{$k};
+ $vmfw_conf->{options}->{$k} = $param->{$k};
}
PVE::Firewall::save_vmfw_conf($param->{vmid}, $vmfw_conf);
-
+
return undef;
}});
$class->register_method({
- name => 'log',
- path => 'log',
+ name => 'log',
+ path => 'log',
method => 'GET',
description => "Read firewall log",
proxyto => 'node',
},
returns => {
type => 'array',
- items => {
+ items => {
type => "object",
properties => {
n => {
my $user = $rpcenv->get_user();
my $vmid = $param->{vmid};
- my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log",
+ my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log",
$param->{start}, $param->{limit},
"^$vmid ");
-
+
$rpcenv->set_result_attrib('total', $count);
-
- return $lines;
+
+ return $lines;
}});
type => 'array',
items => {
type => "object",
- properties => {
+ properties => {
type => {
type => 'string',
enum => ['alias', 'ipset'],
name => {
type => 'string',
},
- comment => {
+ comment => {
type => 'string',
optional => 1,
},
},
code => sub {
my ($param) = @_;
-
+
my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, $rule_env, $param->{vmid});
next if !$conf;
if (!$param->{type} || $param->{type} eq 'ipset') {
foreach my $name (keys %{$conf->{ipset}}) {
- my $data = {
+ my $data = {
type => 'ipset',
name => $name,
ref => "+$name",
if (!$param->{type} || $param->{type} eq 'alias') {
foreach my $name (keys %{$conf->{aliases}}) {
my $e = $conf->{aliases}->{$name};
- my $data = {
+ my $data = {
type => 'alias',
name => $name,
ref => $name,
my $res = [];
foreach my $e (values %$ipsets) { push @$res, $e; };
foreach my $e (values %$aliases) { push @$res, $e; };
-
- return $res;
+
+ return $res;
}});
}
use base qw(PVE::API2::Firewall::VMBase);
__PACKAGE__->register_method ({
- subclass => "PVE::API2::Firewall::VMRules",
+ subclass => "PVE::API2::Firewall::VMRules",
path => 'rules',
});
__PACKAGE__->register_method ({
- subclass => "PVE::API2::Firewall::VMAliases",
+ subclass => "PVE::API2::Firewall::VMAliases",
path => 'aliases',
});
__PACKAGE__->register_method ({
- subclass => "PVE::API2::Firewall::VMIPSetList",
+ subclass => "PVE::API2::Firewall::VMIPSetList",
path => 'ipset',
});
use base qw(PVE::API2::Firewall::VMBase);
__PACKAGE__->register_method ({
- subclass => "PVE::API2::Firewall::CTRules",
+ subclass => "PVE::API2::Firewall::CTRules",
path => 'rules',
});
__PACKAGE__->register_method ({
- subclass => "PVE::API2::Firewall::CTAliases",
+ subclass => "PVE::API2::Firewall::CTAliases",
path => 'aliases',
});
__PACKAGE__->register_method ({
- subclass => "PVE::API2::Firewall::CTIPSetList",
+ subclass => "PVE::API2::Firewall::CTIPSetList",
path => 'ipset',
});