__PACKAGE__->register_handlers();
+package PVE::API2::Firewall::VMRules;
+
+use strict;
+use warnings;
+use PVE::JSONSchema qw(get_standard_option);
+
+use base qw(PVE::API2::Firewall::RulesBase);
+
+__PACKAGE__->additional_parameters({
+ node => get_standard_option('pve-node'),
+ vmid => get_standard_option('pve-vmid'),
+});
+
+sub load_config {
+ my ($class, $param) = @_;
+
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($param->{vmid});
+ my $rules = $fw_conf->{rules};
+
+ return ($fw_conf, $rules);
+}
+
+sub save_rules {
+ my ($class, $param, $fw_conf, $rules) = @_;
+
+ $fw_conf->{rules} = $rules;
+ PVE::Firewall::save_vmfw_conf($param->{vmid}, $fw_conf);
+}
+
+__PACKAGE__->register_handlers();
+
1;
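Review bot: `load_config` passes `$param->{vmid}` straight to `PVE::Firewall::load_vmfw_conf`, without the existence check that the `get_rules` handler removed elsewhere in this commit performed (`die "no such VM ('$vmid')\n" if !($vmlist && $vmlist->{ids} && defined($vmlist->{ids}->{$vmid}));`), and `save_rules` writes for the same unchecked id. Unless `RulesBase` (not visible here) does that lookup, a request naming a vmid that is not in `PVE::Cluster::get_vmlist()` would no longer be rejected, so I would restore the check at the top of both methods. The old handler also defaulted the list with `$vmfw_conf->{rules} || []`, which `load_config` drops, so `$rules` can be undef when the config has no rules. The package calls `PVE::Firewall::` functions but only loads `PVE::JSONSchema`; adding `use PVE::Firewall;` would stop it depending on load order.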
use PVE::JSONSchema qw(get_standard_option);
use PVE::Cluster;
use PVE::Firewall;
+use PVE::API2::Firewall::Rules;
use Data::Dumper; # fixme: remove
use base qw(PVE::RESTHandler);
+__PACKAGE__->register_method ({
+ subclass => "PVE::API2::Firewall::VMRules",
+ path => 'rules',
+});
+
__PACKAGE__->register_method({
name => 'index',
path => '',
return $result;
}});
-__PACKAGE__->register_method({
- name => 'get_rules',
- path => 'rules',
- method => 'GET',
- description => "List VM firewall rules.",
- proxyto => 'node',
- parameters => {
- additionalProperties => 0,
- properties => {
- node => get_standard_option('pve-node'),
- vmid => get_standard_option('pve-vmid'),
- },
- },
- returns => {
- type => 'array',
- items => {
- type => "object",
- properties => {},
- },
- },
- code => sub {
- my ($param) = @_;
-
- my $vmid = $param->{vmid};
-
- my $vmlist = PVE::Cluster::get_vmlist();
-
- die "no such VM ('$vmid')\n"
- if !($vmlist && $vmlist->{ids} && defined($vmlist->{ids}->{$vmid}));
-
- my $vmfw_conf = PVE::Firewall::load_vmfw_conf($vmid);
-
- my $rules = $vmfw_conf->{rules} || [];
-
- my $digest = $vmfw_conf->{digest};
-
- my $res = [];
-
- my $ind = 0;
- foreach my $rule (@$rules) {
- push @$res, PVE::Firewall::cleanup_fw_rule($rule, $digest, $ind++);
- }
-
- return $res;
- }});
-
__PACKAGE__->register_method({
name => 'get_options',
path => 'options',
return $vmfw_conf;
}
+my $format_rules = sub {
+ my ($rules, $need_iface) = @_;
+
+ my $raw = '';
+
+ foreach my $rule (@$rules) {
+ if ($rule->{type} eq 'in' || $rule->{type} eq 'out') {
+ $raw .= '|' if defined($rule->{enable}) && !$rule->{enable};
+ $raw .= uc($rule->{type});
+ $raw .= " " . $rule->{action};
+ $raw .= " " . ($rule->{iface} || '-') if $need_iface;
+ $raw .= " " . ($rule->{source} || '-');
+ $raw .= " " . ($rule->{dest} || '-');
+ $raw .= " " . ($rule->{proto} || '-');
+ $raw .= " " . ($rule->{dport} || '-');
+ $raw .= " " . ($rule->{sport} || '-');
+ $raw .= " # " . encode('utf8', $rule->{comment})
+ if $rule->{comment} && $rule->{comment} !~ m/^\s*$/;
+ $raw .= "\n";
+ } else {
+ die "implement me '$rule->{type}'";
+ }
+ }
+
+ return $raw;
+};
+
+my $format_options = sub {
+ my ($raw, $options) = @_;
+
+ $raw .= "[OPTIONS]\n\n";
+ foreach my $opt (keys %$options) {
+ $raw .= "$opt: $options->{$opt}\n";
+ }
+ $raw .= "\n";
+};
+
+sub save_vmfw_conf {
+ my ($vmid, $vmfw_conf) = @_;
+
+ my $raw = '';
+
+ my $options = $vmfw_conf->{options};
+ &$format_options($raw, $options) if scalar(keys %$options);
+
+ my $rules = $vmfw_conf->{rules};
+ if (scalar(@$rules)) {
+ $raw .= "[RULES]\n\n";
+ $raw .= &$format_rules($rules, 1);
+ $raw .= "\n";
+ }
+
+ my $filename = "/etc/pve/firewall/$vmid.fw";
+ PVE::Tools::file_set_contents($filename, $raw);
+}
+
sub read_vm_firewall_configs {
my ($vmdata) = @_;
my $vmfw_configs = {};
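Review bot: `save_vmfw_conf` calls `&$format_options($raw, $options)` and throws the result away, but `$format_options` appends to its own copy (`my ($raw, $options) = @_;`), so the `[OPTIONS]` section never reaches the file and every save through the new rules API would silently drop the VM's firewall options. Assign the result back, `$raw = &$format_options($raw, $options) if scalar(keys %$options);`, and give the helper an explicit `return $raw;` rather than relying on the value of its last `.=`. `$format_rules` writes `$rule->{comment}` and the other fields verbatim, so a value containing a line break would start a new line inside `[RULES]`; unless the API schema (not visible here) already rejects that, reject or strip `\r`/`\n` before formatting. `scalar(@$rules)` also dies under `use strict` when `$vmfw_conf->{rules}` is undef, so default it with `my $rules = $vmfw_conf->{rules} || [];`.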
return $cluster_conf;
}
-my $format_rules = sub {
- my ($rules, $need_iface) = @_;
-
- my $raw = '';
-
- foreach my $rule (@$rules) {
- if ($rule->{type} eq 'in' || $rule->{type} eq 'out') {
- $raw .= '|' if defined($rule->{enable}) && !$rule->{enable};
- $raw .= uc($rule->{type});
- $raw .= " " . $rule->{action};
- $raw .= " " . ($rule->{iface} || '-') if $need_iface;
- $raw .= " " . ($rule->{source} || '-');
- $raw .= " " . ($rule->{dest} || '-');
- $raw .= " " . ($rule->{proto} || '-');
- $raw .= " " . ($rule->{dport} || '-');
- $raw .= " " . ($rule->{sport} || '-');
- $raw .= " # " . encode('utf8', $rule->{comment})
- if $rule->{comment} && $rule->{comment} !~ m/^\s*$/;
- $raw .= "\n";
- } else {
- die "implement me '$rule->{type}'";
- }
- }
-
- return $raw;
-};
-
-my $format_options = sub {
- my ($raw, $options) = @_;
-
- $raw .= "[OPTIONS]\n\n";
- foreach my $opt (keys %$options) {
- $raw .= "$opt: $options->{$opt}\n";
- }
- $raw .= "\n";
-};
-
sub save_clusterfw_conf {
my ($cluster_conf) = @_;