From a332200b53c7d2d53f9b4c76c50de56a252e8f5f Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Thu, 13 Feb 2014 10:55:48 +0100
Subject: [PATCH 1/1] remove shorewall specific commands
---
 PVE/Firewall.pm | 29 +++++++++++++----------------
 pvefw | 45 +++------------------------------------------
 2 files changed, 16 insertions(+), 58 deletions(-)
diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index ff5cadf..8e5cfb1 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -15,15 +15,19 @@ use Data::Dumper;
 my $macros;
 my @ruleset = ();
-sub get_shorewall_macros {
+# todo: implement some kind of MACROS, like shorewall /usr/share/shorewall/macro.*
+sub get_firewall_macros {
 return $macros if $macros;
- foreach my $path () {
- if ($path =~ m|/macro\.(\S+)$|) {
- $macros->{$1} = 1;
- }
- }
+ #foreach my $path () {
+ # if ($path =~ m|/macro\.(\S+)$|) {
+ # $macros->{$1} = 1;
+ # }
+ #}
+
+ $macros = {}; # fixme: implemet me
+
 return $macros;
 }
@@ -859,7 +863,7 @@ sub parse_fw_rules {
 my $res = { in => [], out => [] };
- my $macros = get_shorewall_macros();
+ my $macros = get_firewall_macros();
 my $protocols = get_etc_protocols();
 while (defined(my $line = <$fh>)) {
@@ -992,18 +996,12 @@ sub read_vm_firewall_rules {
 }
 sub compile {
-
 my $vmdata = read_local_vm_config();
 my $rules = read_vm_firewall_rules($vmdata); # print Dumper($vmdata);
- my $swdir = '/etc/shorewall';
- mkdir $swdir;
-
- &$compile_shorewall($swdir, $vmdata, $rules);
-
- PVE::Tools::run_command(['shorewall', 'compile']);
+ die "implement me";
 }
 sub compile_and_start {
@@ -1011,8 +1009,7 @@ sub compile_and_start {
 compile();
- PVE::Tools::run_command(['shorewall', $restart ? 'restart' : 'start']);
+ die "implement me";
 }
-
 1;
diff --git a/pvefw b/pvefw
index 70a2bee..f727394 100755
--- a/pvefw
+++ b/pvefw
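Review bot: `get_firewall_macros` (hunk at -15) now always returns an empty hash, so no macro name can resolve from this commit on, and the only hint is the misspelled `# fixme: implemet me`. `parse_fw_rules` still fetches the table (hunk at -859), but how it treats a rule that names an unknown macro is outside this diff; confirm that it fails with an error rather than skipping the rule, because a silently dropped rule means the installed ruleset differs from what the config file says. I would replace the commented-out loop with one comment that states the contract, e.g. `# No macros are defined yet; rules that reference a macro cannot be resolved.`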
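Review bot: `compile` (hunk at -992) now reads the VM config and rules and then always ends in `die "implement me";`, so the second `die` added to `compile_and_start` (hunk at -1011) is unreachable and `$restart` is presumably left unused; its declaration is outside the hunk. The same bare message is used for `stop` in pvefw (hunk at -271), where the following `return undef;` becomes dead code. Since both `pvefw start` and `pvefw stop` fail after this commit, the message should tell an operator what state the host is in, e.g. `die "firewall backend not implemented - no rules were changed\n";`.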
@@ -204,7 +204,7 @@ __PACKAGE__->register_method ({
 name => 'start',
 path => 'start',
 method => 'POST',
- description => "Start firewall.",
+ description => "Start (or restart if already active) firewall.",
 parameters => {
 additionalProperties => 0,
 properties => {},
@@ -219,49 +219,11 @@ __PACKAGE__->register_method ({
 return undef;
 }});
-__PACKAGE__->register_method ({
- name => 'restart',
- path => 'restart',
- method => 'POST',
- description => "Restart firewall.",
- parameters => {
- additionalProperties => 0,
- properties => {},
- },
- returns => { type => 'null' },
-
- code => sub {
- my ($param) = @_;
-
- PVE::Firewall::compile_and_start(1);
-
- return undef;
- }});
-
 __PACKAGE__->register_method ({
 name => 'stop',
 path => 'stop',
 method => 'POST',
- description => "Stop firewall.",
- parameters => {
- additionalProperties => 0,
- properties => {},
- },
- returns => { type => 'null' },
-
- code => sub {
- my ($param) = @_;
-
- PVE::Tools::run_command(['shorewall', 'stop']);
-
- return undef;
- }});
-
-__PACKAGE__->register_method ({
- name => 'clear',
- path => 'clear',
- method => 'POST',
- description => "Clear will remove all rules installed by this script. The host is then unprotected.",
+ description => "Stop firewall. This will remove all rules installed by this script. The host is then unprotected.",
 parameters => {
 additionalProperties => 0,
 properties => {},
@@ -271,7 +233,7 @@ __PACKAGE__->register_method ({
 code => sub {
 my ($param) = @_;
- PVE::Tools::run_command(['shorewall', 'clear']);
+ die "implement me";
 return undef;
 }});
@@ -283,7 +245,6 @@ my $cmddef = {
 start => [ __PACKAGE__, 'start', []],
 restart => [ __PACKAGE__, 'restart', []],
 stop => [ __PACKAGE__, 'stop', []],
- clear => [ __PACKAGE__, 'clear', []],
 enablevmfw => [ __PACKAGE__, 'enablevmfw', []],
 disablevmfw => [ __PACKAGE__, 'disablevmfw', []],
 enablehostfw => [ __PACKAGE__, 'enablehostfw', []],
--
2.39.2
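Review bot: The merged `stop` (hunk at -219) takes over the semantics of the removed `clear`, i.e. all rules are removed and the host is unprotected, whereas the old `stop` ran `shorewall stop`, which as far as I know leaves a restrictive stopped-state ruleset rather than an open host. Init scripts or operators that call `pvefw stop` expecting the old behaviour would leave the host open once the body is implemented. The new description states this, but the change of meaning deserves a comment at the registration as well, e.g. `# NOTE: unlike the former shorewall-based 'stop', this removes all rules (former 'clear').`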
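Review bot: `$cmddef` (hunk at -283) still lists `restart => [ __PACKAGE__, 'restart', []],` although the hunk at -219 deletes the `restart` method registration, so the command table now refers to a method that this file no longer registers. How the CLI handler reacts to that is outside the diff (the `$cmddef` block also continues past the hunk), but at best `pvefw restart` fails with a lookup error. Either drop the entry together with `clear`, or keep the verb as an alias with `restart => [ __PACKAGE__, 'start', []],`, which matches the new description "Start (or restart if already active) firewall."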