X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=src%2Fpve-firewall;h=d401b993ea5dd2d6b0d637cc339efa2f6650e8a2;hp=49b45cba7fb9e395a315d8a9539aaa9fbff45ff3;hb=7c619bbb2cbb6d903cf49979d5cdded6bd5f15fd;hpb=c9902e5a0e7eafea0ae9f4c30368cb8c35d85cba
diff --git a/src/pve-firewall b/src/pve-firewall
index 49b45cb..d401b99 100755
--- a/src/pve-firewall
+++ b/src/pve-firewall
@@ -58,6 +58,8 @@ sub restart_server {
 
     sleep($waittime) if $waittime; # avoid high server load due to restarts
 
+    PVE::INotify::inotify_close();
+
     exec (@$commandline);
     exit (-1); # never reached?
 }
@@ -332,10 +334,13 @@ __PACKAGE__->register_method ({
         my $res = { status => $status };
 
         if ($status eq 'active') {
-            my ($ruleset, $ipset_ruleset) = PVE::Firewall::compile();
+
+            my $verbose = 1; # show syntax errors
+            my ($ruleset, $ipset_ruleset) = PVE::Firewall::compile(undef, undef, undef, $verbose);
 
-            my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset);
-            my (undef, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset);
+            $verbose = 0; # do not show iptables details
+            my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, $verbose);
+            my (undef, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset, $verbose);
 
             $res->{changes} = ($ipset_changes || $ruleset_changes) ? 1 : 0;
         }
@@ -349,7 +354,7 @@ __PACKAGE__->register_method ({
 __PACKAGE__->register_method ({
     name => 'compile',
     path => 'compile',
-    method => 'POST',
+    method => 'GET',
     description => "Compile and print firewall rules. This is useful for testing.",
     parameters => {
         additionalProperties => 0,
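Review bot: The `exec (@$commandline)` that the new `PVE::INotify::inotify_close()` call now precedes still has no failure handling, so if the re-exec fails after the inotify handle has been torn down the process drops into `exit (-1)` with no record of why, and this is the daemon's own restart path. Log the reason before exiting, e.g. `exec (@$commandline) or syslog('err', "re-exec of @$commandline failed: $!");` (assuming syslog is in scope here as elsewhere in the daemon — confirm), and replace `# never reached?` with `# only reached if exec failed`. Closing the inotify handle before exec is reasonable, presumably so the descriptor is not carried into the new image. restart_server's body begins before this hunk.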
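Review bot: The call `PVE::Firewall::compile(undef, undef, undef, $verbose)` in the status handler leaves its three leading positional arguments unexplained, and the same shape recurs in the compile and simulate handlers further down, so a reader must open PVE::Firewall to learn what is being skipped; a one-line comment naming those slots, e.g. `# leading args: per-config overrides (none here) — see PVE::Firewall::compile`, would save that trip once the names are confirmed against the callee. The same `$verbose` variable is also given two meanings in a row — "show syntax errors" for compile and "do not show iptables details" for the two cmdlist calls — which the comments make clear today but which would silently break if the lines were later reordered; two distinct names would be safer. The enclosing status handler starts and ends outside this hunk.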
@@ -363,10 +368,13 @@ __PACKAGE__->register_method ({
         local $SIG{'__WARN__'} = 'DEFAULT'; # do not fill up syslog
 
         my $code = sub {
-            my ($ruleset, $ipset_ruleset) = PVE::Firewall::compile();
-            my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, 1);
-            my (undef, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset, 1);
+            my $verbose = 1;
+
+            my ($ruleset, $ipset_ruleset) = PVE::Firewall::compile(undef, undef, undef, $verbose);
+
+            my (undef, undef, $ipset_changes) = PVE::Firewall::get_ipset_cmdlist($ipset_ruleset, $verbose);
+            my (undef, $ruleset_changes) = PVE::Firewall::get_ruleset_cmdlist($ruleset, $verbose);
             if ($ipset_changes || $ruleset_changes) {
                 print "detected changes\n";
             } else {
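Review bot: `my $verbose = 1;` carries no comment here, while the equivalent assignments in the status handler of the previous hunk spell out that the flag means "show syntax errors" for `PVE::Firewall::compile` and "show iptables details" for the two `get_*_cmdlist` calls; since this handler deliberately enables both, a line such as `my $verbose = 1; # print syntax errors and the full ipset/iptables command lists` would record that intent. The verbose output and the final "detected changes"/"no changes" verdict presumably share STDOUT (the `local $SIG{'__WARN__'} = 'DEFAULT'` only redirects warnings), and the method returns undef either way (visible at the top of the next hunk), so anything wrapping `pve-firewall compile` has to parse the text to learn the outcome — worth stating in the method description if that is the intended contract. The `$code` closure and the enclosing method continue past the end of this hunk.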
@@ -379,10 +387,44 @@ __PACKAGE__->register_method ({
         return undef;
     }});
 
+__PACKAGE__->register_method ({
+    name => 'localnet',
+    path => 'localnet',
+    method => 'GET',
+    description => "Print information about local network.",
+    parameters => {
+        additionalProperties => 0,
+        properties => {},
+    },
+    returns => { type => 'null' },
+    code => sub {
+        my ($param) = @_;
+
+        local $SIG{'__WARN__'} = 'DEFAULT'; # do not fill up syslog
+
+        my $nodename = PVE::INotify::nodename();
+        print "local hostname: $nodename\n";
+
+        my $ip = PVE::Cluster::remote_node_ip($nodename);
+        print "local IP address: $ip\n";
+
+        my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+
+        my $localnet = PVE::Firewall::local_network() || '127.0.0.0/8';
+        print "network auto detect: $localnet\n";
+        if ($cluster_conf->{aliases}->{local_network}) {
+            print "using user defined local_network: $cluster_conf->{aliases}->{local_network}->{cidr}\n";
+        } else {
+            print "using detected local_network: $localnet\n";
+        }
+
+        return undef;
+    }});
+
 __PACKAGE__->register_method ({
     name => 'simulate',
     path => 'simulate',
-    method => 'POST',
+    method => 'GET',
     description => "Simulate firewall rules. This does not simulate kernel 'routing' table. Instead, this simply assumes that routing from source zone to destination zone is possible.",
     parameters => {
         additionalProperties => 0,
@@ -446,7 +488,7 @@ __PACKAGE__->register_method ({
 
         local $SIG{'__WARN__'} = 'DEFAULT'; # do not fill up syslog
 
-        my ($ruleset, $ipset_ruleset) = PVE::Firewall::compile();
+        my ($ruleset, $ipset_ruleset) = PVE::Firewall::compile(undef, undef, undef, $param->{verbose});
 
         PVE::FirewallSimulator::debug($param->{verbose} || 0);
 
@@ -497,6 +539,7 @@ my $cmddef = {
     stop => [ __PACKAGE__, 'stop', []],
     compile => [ __PACKAGE__, 'compile', []],
     simulate => [ __PACKAGE__, 'simulate', []],
+    localnet => [ __PACKAGE__, 'localnet', []],
     status => [ __PACKAGE__, 'status', [], undef, sub {
         my $res = shift;
         if ($res->{changes}) {
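Review bot: `my $localnet = PVE::Firewall::local_network() || '127.0.0.0/8';` folds a detection failure into the value before it is printed, so when detection fails the output line `network auto detect: 127.0.0.0/8` reads as a successful detection of the loopback range; for a diagnostic whose whole purpose is to show the administrator which network the firewall treats as local, the failure should be explicit: `my $localnet = PVE::Firewall::local_network();`, `print "network auto detect: " . ($localnet || 'failed, falling back to 127.0.0.0/8') . "\n";`, `$localnet ||= '127.0.0.0/8';`. Whether that fallback matches what the rule generator itself uses when detection fails cannot be seen from this hunk and is worth checking, so the tool cannot report something different from the ruleset actually installed. The user-defined branch prints `$cluster_conf->{aliases}->{local_network}->{cidr}` without checking that the alias has a `cidr` entry; if the alias parser guarantees it this is fine, otherwise an uninitialized-value warning will land in the middle of the output. `$param` is accepted but unused in this handler.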
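Review bot: `PVE::Firewall::compile(undef, undef, undef, $param->{verbose})` passes the raw, possibly undefined option through, while `PVE::FirewallSimulator::debug($param->{verbose} || 0)` two lines below normalises it to 0; the two calls should see the same value, e.g. `my $verbose = $param->{verbose} || 0;` ahead of the compile call and `$verbose` in both places. If compile's verbose parameter is only tested for truthiness the difference is cosmetic, but normalising once also keeps this handler consistent with the status and compile handlers, which bind the flag to a named variable first. The simulate handler begins and ends outside this hunk.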