implement config parser/writer and API. iptables functionatity is missing.
my $properties = $class->additional_parameters();
$properties->{name} = $api_properties->{name};
- $properties->{cidr} = $api_properties->{cidr};
$properties->{digest} = get_standard_option('pve-config-digest');
$class->register_method({
__PACKAGE__->register_handlers();
+package PVE::API2::Firewall::VMAliases;
+
+use strict;
+use warnings;
+use PVE::JSONSchema qw(get_standard_option);
+
+use base qw(PVE::API2::Firewall::AliasesBase);
+
+__PACKAGE__->additional_parameters({
+ node => get_standard_option('pve-node'),
+ vmid => get_standard_option('pve-vmid'),
+});
+
+sub load_config {
+ my ($class, $param) = @_;
+
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($param->{vmid});
+ my $aliases = $fw_conf->{aliases};
+
+ return ($fw_conf, $aliases);
+}
+
+sub save_aliases {
+ my ($class, $param, $fw_conf, $aliases) = @_;
+
+ $fw_conf->{aliases} = $aliases;
+ PVE::Firewall::save_vmfw_conf($param->{vmid}, $fw_conf);
+}
+
+__PACKAGE__->register_handlers();
+
1;
use PVE::Cluster;
use PVE::Firewall;
use PVE::API2::Firewall::Rules;
+use PVE::API2::Firewall::Aliases;
use Data::Dumper; # fixme: remove
path => 'rules',
});
+__PACKAGE__->register_method ({
+ subclass => "PVE::API2::Firewall::VMAliases",
+ path => 'aliases',
+});
+
__PACKAGE__->register_method({
name => 'index',
path => '',
return ($opt, $value);
}
-sub parse_clusterfw_alias {
+sub parse_alias {
my ($line) = @_;
# we can add single line comments to the end of the line
sub parse_vm_fw_rules {
my ($filename, $fh) = @_;
- my $res = { rules => [], options => {}};
+ my $res = {
+ rules => [],
+ options => {},
+ aliases => {},
+ };
my $section;
next;
}
+ if ($section eq 'aliases') {
+ eval {
+ my $data = parse_alias($line);
+ $res->{aliases}->{lc($data->{name})} = $data;
+ };
+ warn "$prefix: $@" if $@;
+ next;
+ }
+
my $rule;
eval { $rule = parse_fw_rule($line, 1, 1); };
if (my $err = $@) {
warn "$prefix: $@" if $@;
} elsif ($section eq 'aliases') {
eval {
- my $data = parse_clusterfw_alias($line);
+ my $data = parse_alias($line);
$res->{aliases}->{lc($data->{name})} = $data;
};
warn "$prefix: $@" if $@;
my $options = $vmfw_conf->{options};
$raw .= &$format_options($options) if scalar(keys %$options);
+ my $aliases = $vmfw_conf->{aliases};
+ $raw .= &$format_aliases($aliases) if scalar(keys %$aliases);
+
my $rules = $vmfw_conf->{rules} || [];
if (scalar(@$rules)) {
$raw .= "[RULES]\n\n";
next if $cstate =~ m/NEW/;
- die "please implement cstate test '$cstate'";
+ die "cstate test '$cstate' not implemented\n";
}
if ($rule =~ s/^-m addrtype --src-type (\S+)\s*//) {
my $atype = $1;
- die "missing srctype" if !$pkg->{srctype};
+ die "missing source address type (srctype)\n"
+ if !$pkg->{srctype};
return undef if $atype ne $pkg->{srctype};
}
if ($rule =~ s/^-m addrtype --dst-type (\S+)\s*//) {
my $atype = $1;
- die "missing dsttype" if !$pkg->{dsttype};
+ die "missing destination address type (dsttype)\n"
+ if !$pkg->{dsttype};
return undef if $atype ne $pkg->{dsttype};
}
if ($rule =~ s/^-i (\S+)\s*//) {
my $devre = $1;
- die "missing iface_in" if !$pkg->{iface_in};
+ die "missing interface (iface_in)\n" if !$pkg->{iface_in};
return undef if !nf_dev_match($devre, $pkg->{iface_in});
next;
}
if ($rule =~ s/^-o (\S+)\s*//) {
my $devre = $1;
- die "missing iface_out" if !$pkg->{iface_out};
+ die "missing interface (iface_out)\n" if !$pkg->{iface_out};
return undef if !nf_dev_match($devre, $pkg->{iface_out});
next;
}