+ # print Dumper($vmdata);
+
+ my $swdir = '/etc/shorewall';
+ mkdir $swdir;
+
+ PVE::Firewall::compile($swdir, $vmdata, $rules);
+
+ PVE::Tools::run_command(['shorewall', 'compile']);
+
+ return undef;
+
+ }});
+
+__PACKAGE__->register_method ({
+ name => 'start',
+ path => 'start',
+ method => 'POST',
+ description => "Start firewall.",
+ parameters => {
+ additionalProperties => 0,
+ properties => {},
+ },
+ returns => { type => 'null' },
+
+ code => sub {
+ my ($param) = @_;
+
+ PVE::Tools::run_command(['shorewall', 'start']);
+
+ return undef;
+ }});
+
+__PACKAGE__->register_method ({
+ name => 'stop',
+ path => 'stop',
+ method => 'POST',
+ description => "Stop firewall.",
+ parameters => {
+ additionalProperties => 0,
+ properties => {},
+ },
+ returns => { type => 'null' },
+
+ code => sub {
+ my ($param) = @_;
+
+ PVE::Tools::run_command(['shorewall', 'stop']);
+
+ return undef;
+ }});
+
+__PACKAGE__->register_method ({
+ name => 'clear',
+ path => 'clear',
+ method => 'POST',
+ description => "Clear will remove all rules installed by this script. The host is then unprotected.",
+ parameters => {
+ additionalProperties => 0,
+ properties => {},
+ },
+ returns => { type => 'null' },
+
+ code => sub {
+ my ($param) = @_;
+
+ PVE::Tools::run_command(['shorewall', 'clear']);
+
+ return undef;
+ }});
+
+my $nodename = PVE::INotify::nodename();
+
+my $cmddef = {
+ compile => [ __PACKAGE__, 'compile', []],
+ start => [ __PACKAGE__, 'start', []],
+ stop => [ __PACKAGE__, 'stop', []],
+ clear => [ __PACKAGE__, 'clear', []],
+};
+
+my $cmd = shift;
+
+PVE::CLIHandler::handle_cmd($cmddef, "pvefw", $cmd, \@ARGV, undef, $0);