+__PACKAGE__->register_method ({
+ name => 'status',
+ path => 'status',
+ method => 'GET',
+ description => "Get firewall status.",
+ parameters => {
+ additionalProperties => 0,
+ properties => {},
+ },
+ returns => {
+ type => 'object',
+ additionalProperties => 0,
+ properties => {
+ status => {
+ type => 'string',
+ enum => ['unknown', 'stopped', 'active'],
+ },
+ changes => {
+ description => "Set when there are pending changes.",
+ type => 'boolean',
+ optional => 1,
+ }
+ },
+ },
+ code => sub {
+ my ($param) = @_;
+
+ my $rpcenv = PVE::RPCEnvironment::get();
+
+ $param->{verbose} = 1
+ if !defined($param->{verbose}) && ($rpcenv->{type} eq 'cli');
+
+ my $code = sub {
+ my $status = PVE::Firewall::read_pvefw_status();
+
+ my $res = { status => $status };
+ if ($status eq 'active') {
+ my $ruleset = PVE::Firewall::compile();
+ my $cmdlist = PVE::Firewall::get_rulset_cmdlist($ruleset);
+
+ if ($cmdlist ne "*filter\nCOMMIT\n") {
+ $res->{changes} = 1;
+ }
+ }
+
+ return $res;
+ };
+
+ return PVE::Firewall::run_locked($code);
+ }});
+