use PVE::Tools qw($IPV4RE $IPV6RE);
use PVE::Tools qw(run_command lock_file dir_glob_foreach);
+use PVE::Firewall::Helpers;
+
my $pvefw_conf_dir = "/etc/pve/firewall";
my $clusterfw_conf_filename = "$pvefw_conf_dir/cluster.fw";
{ action => 'PARAM', proto => '41' },
{ action => 'PARAM', proto => 'udp', dport => '5072,8374' },
],
+ 'SPICEproxy' => [
+ "Proxmox VE SPICE display proxy traffic",
+ { action => 'PARAM', proto => 'tcp', dport => '3128' },
+ ],
'Squid' => [
"Squid web proxy traffic",
{ action => 'PARAM', proto => 'tcp', dport => '3128' },
return $vmdata;
};
+# FIXME: move use sites over to moved helper and break older packages, then remove this here
sub lock_vmfw_conf {
- my ($vmid, $timeout, $code, @param) = @_;
-
- die "can't lock VM firewall config for undefined VMID\n"
- if !defined($vmid);
-
- my $res = PVE::Cluster::cfs_lock_firewall("vm-$vmid", $timeout, $code, @param);
- die $@ if $@;
-
- return $res;
+ return PVE::Firewall::Helpers::lock_vmfw_conf(@_);
}
sub load_vmfw_conf {
}
}
+# FIXME: remove with 8.0 and break older qemu-server/pve-container
sub remove_vmfw_conf {
- my ($vmid) = @_;
-
- my $vmfw_conffile = "$pvefw_conf_dir/$vmid.fw";
-
- unlink $vmfw_conffile;
+ return PVE::Firewall::Helpers::remove_vmfw_conf(@_);
}
+# FIXME: remove with 8.0 and break older qemu-server/pve-container
sub clone_vmfw_conf {
- my ($vmid, $newid) = @_;
-
- my $sourcevm_conffile = "$pvefw_conf_dir/$vmid.fw";
- my $clonevm_conffile = "$pvefw_conf_dir/$newid.fw";
-
- lock_vmfw_conf($newid, 10, sub {
- if (-f $clonevm_conffile) {
- unlink $clonevm_conffile;
- }
- if (-f $sourcevm_conffile) {
- my $data = PVE::Tools::file_get_contents($sourcevm_conffile);
- PVE::Tools::file_set_contents($clonevm_conffile, $data);
- }
- });
+ return PVE::Firewall::Helpers::clone_vmfw_conf(@_);
}
sub read_vm_firewall_configs {
}
}
-sub lock_hostfw_conf {
- my ($timeout, $code, @param) = @_;
+sub lock_hostfw_conf : prototype($$$@) {
+ my ($node, $timeout, $code, @param) = @_;
+
+ $node = $nodename if !defined($node);
- my $res = PVE::Cluster::cfs_lock_firewall("host-$nodename", $timeout, $code, @param);
+ my $res = PVE::Cluster::cfs_lock_firewall("host-$node", $timeout, $code, @param);
die $@ if $@;
return $res;
}
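Review bot: Inserting `$node` ahead of `$timeout` in `lock_hostfw_conf` silently re-binds the arguments of any caller that still uses the old `($timeout, $code, @param)` order and passes at least one extra parameter. The `prototype($$$@)` attribute only rejects too-short calls, and only those compiled after this declaration is seen. In such a call the timeout would be interpolated into the lock name `host-$node` and the code reference would be passed as the timeout, so the intended host lock would not be the one taken. A cheap guard after the unpacking catches this: `die "lock_hostfw_conf: expected a code reference\n" if ref($code) ne 'CODE';`. A comment stating that `$node` must be an already validated node name would also help.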
sub save_hostfw_conf {
- my ($hostfw_conf) = @_;
+ my ($hostfw_conf, $filename) = @_;
+
+ $filename = $hostfw_conf_filename if !defined($filename);
my $raw = '';
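Review bot: The new optional `$filename` in `save_hostfw_conf` is passed to `PVE::Tools::file_set_contents`, or to `unlink` when the serialized config is empty (both in the following hunk), with no check that it lies under the firewall config directory. Nothing ties it to the node whose lock the caller holds either, because `lock_hostfw_conf` takes a node name while this function takes a path. Callers are not visible here, so the path may already be built from a validated node name, but the contract should be stated, for example `# $filename must be the host.fw path of the node locked via lock_hostfw_conf(); build it from a validated node name`. Alternatively, accept the node name and derive the path inside the function. The function body continues outside this hunk.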
}
if ($raw) {
- PVE::Tools::file_set_contents($hostfw_conf_filename, $raw);
+ PVE::Tools::file_set_contents($filename, $raw);
} else {
- unlink $hostfw_conf_filename;
+ unlink $filename;
}
}