my $macros;
my @ruleset = ();
-sub get_shorewall_macros {
+# todo: implement some kind of MACROS, like shorewall /usr/share/shorewall/macro.*
+sub get_firewall_macros {
return $macros if $macros;
- foreach my $path (</usr/share/shorewall/macro.*>) {
- if ($path =~ m|/macro\.(\S+)$|) {
- $macros->{$1} = 1;
- }
- }
+ #foreach my $path (</usr/share/shorewall/macro.*>) {
+ # if ($path =~ m|/macro\.(\S+)$|) {
+ # $macros->{$1} = 1;
+ # }
+ #}
+
+ $macros = {}; # fixme: implemet me
+
return $macros;
}
my $res = { in => [], out => [] };
- my $macros = get_shorewall_macros();
+ my $macros = get_firewall_macros();
my $protocols = get_etc_protocols();
while (defined(my $line = <$fh>)) {
}
sub compile {
-
my $vmdata = read_local_vm_config();
my $rules = read_vm_firewall_rules($vmdata);
# print Dumper($vmdata);
- my $swdir = '/etc/shorewall';
- mkdir $swdir;
-
- &$compile_shorewall($swdir, $vmdata, $rules);
-
- PVE::Tools::run_command(['shorewall', 'compile']);
+ die "implement me";
}
sub compile_and_start {
compile();
- PVE::Tools::run_command(['shorewall', $restart ? 'restart' : 'start']);
+ die "implement me";
}
-
1;
name => 'start',
path => 'start',
method => 'POST',
- description => "Start firewall.",
+ description => "Start (or restart if already active) firewall.",
parameters => {
additionalProperties => 0,
properties => {},
return undef;
}});
-__PACKAGE__->register_method ({
- name => 'restart',
- path => 'restart',
- method => 'POST',
- description => "Restart firewall.",
- parameters => {
- additionalProperties => 0,
- properties => {},
- },
- returns => { type => 'null' },
-
- code => sub {
- my ($param) = @_;
-
- PVE::Firewall::compile_and_start(1);
-
- return undef;
- }});
-
__PACKAGE__->register_method ({
name => 'stop',
path => 'stop',
method => 'POST',
- description => "Stop firewall.",
- parameters => {
- additionalProperties => 0,
- properties => {},
- },
- returns => { type => 'null' },
-
- code => sub {
- my ($param) = @_;
-
- PVE::Tools::run_command(['shorewall', 'stop']);
-
- return undef;
- }});
-
-__PACKAGE__->register_method ({
- name => 'clear',
- path => 'clear',
- method => 'POST',
- description => "Clear will remove all rules installed by this script. The host is then unprotected.",
+ description => "Stop firewall. This will remove all rules installed by this script. The host is then unprotected.",
parameters => {
additionalProperties => 0,
properties => {},
code => sub {
my ($param) = @_;
- PVE::Tools::run_command(['shorewall', 'clear']);
+ die "implement me";
return undef;
}});
start => [ __PACKAGE__, 'start', []],
restart => [ __PACKAGE__, 'restart', []],
stop => [ __PACKAGE__, 'stop', []],
- clear => [ __PACKAGE__, 'clear', []],
enablevmfw => [ __PACKAGE__, 'enablevmfw', []],
disablevmfw => [ __PACKAGE__, 'disablevmfw', []],
enablehostfw => [ __PACKAGE__, 'enablehostfw', []],