--- /dev/null
+package PVE::API2::Firewall::Host;
+
+use strict;
+use warnings;
+use PVE::JSONSchema qw(get_standard_option);
+
+use PVE::Firewall;
+
+
+use Data::Dumper; # fixme: remove
+
+use base qw(PVE::RESTHandler);
+
+__PACKAGE__->register_method({
+ name => 'index',
+ path => '',
+ method => 'GET',
+ permissions => { user => 'all' },
+ description => "Directory index.",
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ node => get_standard_option('pve-node'),
+ },
+ },
+ returns => {
+ type => 'array',
+ items => {
+ type => "object",
+ properties => {},
+ },
+ links => [ { rel => 'child', href => "{name}" } ],
+ },
+ code => sub {
+ my ($param) = @_;
+
+ my $result = [
+ { name => 'rules' },
+ { name => 'options' },
+ ];
+
+ return $result;
+ }});
+
+__PACKAGE__->register_method({
+ name => 'get_rules',
+ path => 'rules',
+ method => 'GET',
+ description => "List host firewall rules.",
+ proxyto => 'node',
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ node => get_standard_option('pve-node'),
+ },
+ },
+ returns => {
+ type => 'array',
+ items => {
+ type => "object",
+ properties => {},
+ },
+ },
+ code => sub {
+ my ($param) = @_;
+
+ my $hostfw_conf = PVE::Firewall::load_hostfw_conf();
+
+ my $rules = $hostfw_conf->{rules} || [];
+
+ my $digest = $hostfw_conf->{digest};
+
+ my $res = [];
+
+ my $ind = 0;
+ foreach my $rule (@$rules) {
+ push @$res, PVE::Firewall::cleanup_fw_rule($rule, $digest, $ind++);
+ }
+
+ return $res;
+ }});
+
+__PACKAGE__->register_method({
+ name => 'get_options',
+ path => 'options',
+ method => 'GET',
+ description => "Get host firewall options.",
+ proxyto => 'node',
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ node => get_standard_option('pve-node'),
+ },
+ },
+ returns => {
+ type => "object",
+ properties => {},
+ },
+ code => sub {
+ my ($param) = @_;
+
+ my $hostfw_conf = PVE::Firewall::load_hostfw_conf();
+
+ my $options = $hostfw_conf->{options} || {};
+
+ my $digest = $hostfw_conf->{digest};
+
+ $options->{digest} = $digest;
+
+ return $options;
+ }});
+
+1;
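Review bot: `get_rules` and `get_options` are registered without a `permissions` entry, while `index` above them declares one, so who may read the host firewall rules and options is left to whatever default the REST handler applies (as far as I know, root@pam only). Stating it explicitly would make the intent reviewable, for example `permissions => { check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]] },` on both methods, if read access for auditors is what is wanted. Both handlers also ignore `$param->{node}` and read the local file, so they depend on `proxyto => 'node'` to reach the right host; a one-line comment saying so would help. The `use Data::Dumper; # fixme: remove` line should be dropped before this is merged.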
my $section;
+ my $digest = Digest::SHA->new('sha1');
+
while (defined(my $line = <$fh>)) {
+ $digest->add($line);
+
next if $line =~ m/^#/;
next if $line =~ m/^\s*$/;
push @{$res->{$section}}, @$rules;
}
+ $res->{digest} = $digest->b64digest;
+
return $res;
}
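Review bot: Nothing in the visible lines loads `Digest::SHA`, so unless the module is already imported elsewhere in this file, `Digest::SHA->new('sha1')` will fail at run time; add `use Digest::SHA;` to the import block if it is missing. The digest is fed every raw line before the comment and blank-line filters, so a comment-only edit also changes it. That looks intended, but it should be stated, since the value is returned to API clients. A comment such as `# digest covers the raw file, comments included; presumably a change-detection token, not an integrity check` above the `new` call would do. The enclosing parser function starts outside this hunk.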
return $groups_conf;
}
+sub load_hostfw_conf {
+
+ my $hostfw_conf = {};
+ my $filename = "/etc/pve/local/host.fw";
+ if (my $fh = IO::File->new($filename, O_RDONLY)) {
+ $hostfw_conf = parse_host_fw_rules($filename, $fh);
+ }
+ return $hostfw_conf;
+}
+
sub compile {
my $vmdata = read_local_vm_config();
my $vmfw_configs = read_vm_firewall_configs($vmdata);
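Review bot: `load_hostfw_conf` returns an empty hash for every failure of `IO::File->new`, not only for a missing file, so an unreadable `/etc/pve/local/host.fw` is indistinguishable from "no host rules configured". The `compile` code further down then appears to build the ruleset from default options, and the new API handlers would report an empty rule list with an undefined digest. Consider failing on anything other than a missing file, e.g. `} elsif (!$!{ENOENT}) { die "unable to open '$filename' - $!\n"; }`. The callers are only partly visible here, so confirm they tolerate the exception before adopting this.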
ruleset_create_chain($ruleset, "PVEFW-FORWARD");
- my $hostfw_options = {};
- my $hostfw_conf = {};
-
- my $filename = "/etc/pve/local/host.fw";
- if (my $fh = IO::File->new($filename, O_RDONLY)) {
- $hostfw_conf = parse_host_fw_rules($filename, $fh);
- $hostfw_options = $hostfw_conf->{options};
- }
+ my $hostfw_conf = load_hostfw_conf();
+ my $hostfw_options = $hostfw_conf->{options} || {};
generate_std_chains($ruleset, $hostfw_options);