[pve-manager.git] / www / manager6 / grid / FirewallOptions.js

Ext.define('PVE.FirewallOptions', {
    extend: 'Proxmox.grid.ObjectGrid',
    alias: ['widget.pveFirewallOptions'],

    fwtype: undefined, // 'dc', 'node' or 'vm'

    base_url: undefined,

    initComponent: function() {
	var me = this;

	if (!me.base_url) {
	    throw "missing base_url configuration";
	}

	if (me.fwtype === 'dc' || me.fwtype === 'node' || me.fwtype === 'vm') {
	    if (me.fwtype === 'node') {
		me.cwidth1 = 250;
	    }
	} else {
	    throw "unknown firewall option type";
	}

	let caps = Ext.state.Manager.get('GuiCap');

	me.rows = {};

	var add_boolean_row = function(name, text, defaultValue) {
	    me.add_boolean_row(name, text, { defaultValue: defaultValue });
	};
	var add_integer_row = function(name, text, minValue, labelWidth) {
	    me.add_integer_row(name, text, {
		minValue: minValue,
		deleteEmpty: true,
		labelWidth: labelWidth,
		renderer: function(value) {
		    if (value === undefined) {
			return Proxmox.Utils.defaultText;
		    }

		    return value;
		},
	    });
	};

	var add_log_row = function(name, labelWidth) {
	    me.rows[name] = {
		header: name,
		required: true,
		defaultValue: 'nolog',
		editor: {
		    xtype: 'proxmoxWindowEdit',
		    subject: name,
		    fieldDefaults: { labelWidth: labelWidth || 100 },
		    items: {
			xtype: 'pveFirewallLogLevels',
			name: name,
			fieldLabel: name,
		    },
		},
	    };
	};

	if (me.fwtype === 'node') {
	    me.rows.enable = {
		required: true,
		defaultValue: 1,
		header: gettext('Firewall'),
		renderer: Proxmox.Utils.format_boolean,
		editor: {
		    xtype: 'pveFirewallEnableEdit',
		    defaultValue: 1,
		},
	    };
	    add_boolean_row('nosmurfs', gettext('SMURFS filter'), 1);
	    add_boolean_row('tcpflags', gettext('TCP flags filter'), 0);
	    add_boolean_row('ndp', 'NDP', 1);
	    add_integer_row('nf_conntrack_max', 'nf_conntrack_max', 32768, 120);
	    add_integer_row('nf_conntrack_tcp_timeout_established',
			    'nf_conntrack_tcp_timeout_established', 7875, 250);
	    add_log_row('log_level_in');
	    add_log_row('log_level_out');
	    add_log_row('tcp_flags_log_level', 120);
	    add_log_row('smurf_log_level');
	} else if (me.fwtype === 'vm') {
	    me.rows.enable = {
		required: true,
		defaultValue: 0,
		header: gettext('Firewall'),
		renderer: Proxmox.Utils.format_boolean,
		editor: {
		    xtype: 'pveFirewallEnableEdit',
		    defaultValue: 0,
		},
	    };
	    add_boolean_row('dhcp', 'DHCP', 1);
	    add_boolean_row('ndp', 'NDP', 1);
	    add_boolean_row('radv', gettext('Router Advertisement'), 0);
	    add_boolean_row('macfilter', gettext('MAC filter'), 1);
	    add_boolean_row('ipfilter', gettext('IP filter'), 0);
	    add_log_row('log_level_in');
	    add_log_row('log_level_out');
	} else if (me.fwtype === 'dc') {
	    add_boolean_row('enable', gettext('Firewall'), 0);
	    add_boolean_row('ebtables', 'ebtables', 1);
	    me.rows.log_ratelimit = {
		header: gettext('Log rate limit'),
		required: true,
		defaultValue: gettext('Default') + ' (enable=1,rate1/second,burst=5)',
		editor: {
		    xtype: 'pveFirewallLograteEdit',
		    defaultValue: 'enable=1',
		},
	    };
	}

	if (me.fwtype === 'dc' || me.fwtype === 'vm') {
	    me.rows.policy_in = {
		header: gettext('Input Policy'),
		required: true,
		defaultValue: 'DROP',
		editor: {
		    xtype: 'proxmoxWindowEdit',
		    subject: gettext('Input Policy'),
		    items: {
			xtype: 'pveFirewallPolicySelector',
			name: 'policy_in',
			value: 'DROP',
			fieldLabel: gettext('Input Policy'),
		    },
		},
	    };

	    me.rows.policy_out = {
		header: gettext('Output Policy'),
		required: true,
		defaultValue: 'ACCEPT',
		editor: {
		    xtype: 'proxmoxWindowEdit',
		    subject: gettext('Output Policy'),
		    items: {
			xtype: 'pveFirewallPolicySelector',
			name: 'policy_out',
			value: 'ACCEPT',
			fieldLabel: gettext('Output Policy'),
		    },
		},
	    };
	}

	var edit_btn = new Ext.Button({
	    text: gettext('Edit'),
	    disabled: true,
	    handler: function() { me.run_editor(); },
	});

	var set_button_status = function() {
	    var sm = me.getSelectionModel();
	    var rec = sm.getSelection()[0];

	    if (!rec) {
		edit_btn.disable();
		return;
	    }
	    var rowdef = me.rows[rec.data.key];
	    if (caps.vms['VM.Config.Network'] || caps.dc['Sys.Modify'] || caps.nodes['Sys.Modify']) {
		edit_btn.setDisabled(!rowdef.editor);
	    }
	};

	Ext.apply(me, {
	    url: "/api2/json" + me.base_url,
	    tbar: [edit_btn],
	    editorConfig: {
		url: '/api2/extjs/' + me.base_url,
	    },
	    listeners: {
		itemdblclick: me.run_editor,
		selectionchange: set_button_status,
	    },
	});

	me.callParent();

	me.on('activate', me.rstore.startUpdate);
	me.on('destroy', me.rstore.stopUpdate);
	me.on('deactivate', me.rstore.stopUpdate);
    },
});


Ext.define('PVE.FirewallLogLevels', {
    extend: 'Proxmox.form.KVComboBox',
    alias: ['widget.pveFirewallLogLevels'],

    name: 'log',
    fieldLabel: gettext('Log level'),
    value: 'nolog',
    comboItems: [['nolog', 'nolog'], ['emerg', 'emerg'], ['alert', 'alert'],
	['crit', 'crit'], ['err', 'err'], ['warning', 'warning'],
	['notice', 'notice'], ['info', 'info'], ['debug', 'debug']],
});
Commit	Line	Data
307a2fb8	1	Ext.define('PVE.FirewallOptions', {
8ea2c870	2	extend: 'Proxmox.grid.ObjectGrid',
307a2fb8 DM	3	alias: ['widget.pveFirewallOptions'],
	4
	5	fwtype: undefined, // 'dc', 'node' or 'vm'
	6
	7	base_url: undefined,
	8
8058410f	9	initComponent: function() {
307a2fb8 DM	10	var me = this;
	11
	12	if (!me.base_url) {
	13	throw "missing base_url configuration";
	14	}
	15
	16	if (me.fwtype === 'dc' \|\| me.fwtype === 'node' \|\| me.fwtype === 'vm') {
	17	if (me.fwtype === 'node') {
	18	me.cwidth1 = 250;
	19	}
	20	} else {
	21	throw "unknown firewall option type";
	22	}
	23
2e37e779 AD	24	let caps = Ext.state.Manager.get('GuiCap');
2e37e779 AD	25
746ebf2a	26	me.rows = {};
307a2fb8	27
746ebf2a TL	28	var add_boolean_row = function(name, text, defaultValue) {
746ebf2a TL	29	me.add_boolean_row(name, text, { defaultValue: defaultValue });
307a2fb8	30	};
aab2a64d DC	31	var add_integer_row = function(name, text, minValue, labelWidth) {
	32	me.add_integer_row(name, text, {
	33	minValue: minValue,
	34	deleteEmpty: true,
	35	labelWidth: labelWidth,
	36	renderer: function(value) {
	37	if (value === undefined) {
	38	return Proxmox.Utils.defaultText;
	39	}
	40
	41	return value;
f6710aac	42	},
aab2a64d	43	});
307a2fb8 DM	44	};
	45
	46	var add_log_row = function(name, labelWidth) {
746ebf2a	47	me.rows[name] = {
307a2fb8 DM	48	header: name,
	49	required: true,
	50	defaultValue: 'nolog',
	51	editor: {
9fccc702	52	xtype: 'proxmoxWindowEdit',
307a2fb8 DM	53	subject: name,
	54	fieldDefaults: { labelWidth: labelWidth \|\| 100 },
	55	items: {
3c37fe48	56	xtype: 'pveFirewallLogLevels',
307a2fb8	57	name: name,
f6710aac TL	58	fieldLabel: name,
	59	},
	60	},
307a2fb8 DM	61	};
	62	};
	63
307a2fb8	64	if (me.fwtype === 'node') {
75122e54 CE	65	me.rows.enable = {
	66	required: true,
	67	defaultValue: 1,
	68	header: gettext('Firewall'),
	69	renderer: Proxmox.Utils.format_boolean,
	70	editor: {
	71	xtype: 'pveFirewallEnableEdit',
f6710aac TL	72	defaultValue: 1,
f6710aac TL	73	},
75122e54	74	};
307a2fb8 DM	75	add_boolean_row('nosmurfs', gettext('SMURFS filter'), 1);
307a2fb8 DM	76	add_boolean_row('tcpflags', gettext('TCP flags filter'), 0);
c4941d5b	77	add_boolean_row('ndp', 'NDP', 1);
aab2a64d	78	add_integer_row('nf_conntrack_max', 'nf_conntrack_max', 32768, 120);
746ebf2a	79	add_integer_row('nf_conntrack_tcp_timeout_established',
aab2a64d	80	'nf_conntrack_tcp_timeout_established', 7875, 250);
307a2fb8 DM	81	add_log_row('log_level_in');
	82	add_log_row('log_level_out');
	83	add_log_row('tcp_flags_log_level', 120);
	84	add_log_row('smurf_log_level');
	85	} else if (me.fwtype === 'vm') {
75122e54 CE	86	me.rows.enable = {
	87	required: true,
	88	defaultValue: 0,
	89	header: gettext('Firewall'),
	90	renderer: Proxmox.Utils.format_boolean,
	91	editor: {
	92	xtype: 'pveFirewallEnableEdit',
f6710aac TL	93	defaultValue: 0,
f6710aac TL	94	},
75122e54	95	};
6a5be79f	96	add_boolean_row('dhcp', 'DHCP', 1);
b9628aa5	97	add_boolean_row('ndp', 'NDP', 1);
0a3cf3d4	98	add_boolean_row('radv', gettext('Router Advertisement'), 0);
307a2fb8	99	add_boolean_row('macfilter', gettext('MAC filter'), 1);
9eef71f3	100	add_boolean_row('ipfilter', gettext('IP filter'), 0);
307a2fb8 DM	101	add_log_row('log_level_in');
	102	add_log_row('log_level_out');
	103	} else if (me.fwtype === 'dc') {
0a3cf3d4	104	add_boolean_row('enable', gettext('Firewall'), 0);
20f8d602	105	add_boolean_row('ebtables', 'ebtables', 1);
40120a31 CE	106	me.rows.log_ratelimit = {
	107	header: gettext('Log rate limit'),
	108	required: true,
671f470e	109	defaultValue: gettext('Default') + ' (enable=1,rate1/second,burst=5)',
40120a31	110	editor: {
671f470e	111	xtype: 'pveFirewallLograteEdit',
f6710aac TL	112	defaultValue: 'enable=1',
f6710aac TL	113	},
40120a31	114	};
746ebf2a TL	115	}
746ebf2a TL	116
307a2fb8	117	if (me.fwtype === 'dc' \|\| me.fwtype === 'vm') {
746ebf2a	118	me.rows.policy_in = {
307a2fb8 DM	119	header: gettext('Input Policy'),
	120	required: true,
	121	defaultValue: 'DROP',
	122	editor: {
9fccc702	123	xtype: 'proxmoxWindowEdit',
307a2fb8 DM	124	subject: gettext('Input Policy'),
	125	items: {
	126	xtype: 'pveFirewallPolicySelector',
	127	name: 'policy_in',
	128	value: 'DROP',
f6710aac TL	129	fieldLabel: gettext('Input Policy'),
	130	},
	131	},
307a2fb8 DM	132	};
307a2fb8 DM	133
746ebf2a	134	me.rows.policy_out = {
307a2fb8 DM	135	header: gettext('Output Policy'),
	136	required: true,
	137	defaultValue: 'ACCEPT',
	138	editor: {
9fccc702	139	xtype: 'proxmoxWindowEdit',
307a2fb8 DM	140	subject: gettext('Output Policy'),
	141	items: {
	142	xtype: 'pveFirewallPolicySelector',
	143	name: 'policy_out',
	144	value: 'ACCEPT',
f6710aac TL	145	fieldLabel: gettext('Output Policy'),
	146	},
	147	},
307a2fb8 DM	148	};
	149	}
	150
307a2fb8 DM	151	var edit_btn = new Ext.Button({
	152	text: gettext('Edit'),
	153	disabled: true,
f6710aac	154	handler: function() { me.run_editor(); },
307a2fb8 DM	155	});
	156
	157	var set_button_status = function() {
	158	var sm = me.getSelectionModel();
	159	var rec = sm.getSelection()[0];
	160
	161	if (!rec) {
	162	edit_btn.disable();
	163	return;
	164	}
746ebf2a	165	var rowdef = me.rows[rec.data.key];
2e37e779 AD	166	if (caps.vms['VM.Config.Network'] \|\| caps.dc['Sys.Modify'] \|\| caps.nodes['Sys.Modify']) {
	167	edit_btn.setDisabled(!rowdef.editor);
	168	}
307a2fb8 DM	169	};
307a2fb8 DM	170
bc5d0cf8	171	Ext.apply(me, {
307a2fb8	172	url: "/api2/json" + me.base_url,
8058410f	173	tbar: [edit_btn],
746ebf2a	174	editorConfig: {
f6710aac	175	url: '/api2/extjs/' + me.base_url,
746ebf2a	176	},
307a2fb8	177	listeners: {
746ebf2a	178	itemdblclick: me.run_editor,
f6710aac TL	179	selectionchange: set_button_status,
f6710aac TL	180	},
307a2fb8 DM	181	});
	182
	183	me.callParent();
	184
746ebf2a TL	185	me.on('activate', me.rstore.startUpdate);
	186	me.on('destroy', me.rstore.stopUpdate);
	187	me.on('deactivate', me.rstore.stopUpdate);
f6710aac	188	},
307a2fb8	189	});
3c37fe48 CE	190
	191
	192	Ext.define('PVE.FirewallLogLevels', {
	193	extend: 'Proxmox.form.KVComboBox',
	194	alias: ['widget.pveFirewallLogLevels'],
	195
	196	name: 'log',
	197	fieldLabel: gettext('Log level'),
	198	value: 'nolog',
	199	comboItems: [['nolog', 'nolog'], ['emerg', 'emerg'], ['alert', 'alert'],
	200	['crit', 'crit'], ['err', 'err'], ['warning', 'warning'],
f6710aac	201	['notice', 'notice'], ['info', 'info'], ['debug', 'debug']],
3c37fe48	202	});