From: Hannes Laimer <h.laimer@proxmox.com>
To: pdm-devel@lists.proxmox.com
Subject: [pdm-devel] superseded: [PATCH proxmox{, -yew-comp, -datacenter-manager} 00/13] add basic integration of PVE firewall
Date: Wed, 5 Nov 2025 17:37:34 +0100
Message-ID: <883c134c-a8f5-4583-93cc-47fbaa9bfc97@proxmox.com>
In-Reply-To: <20251030143406.193744-1-h.laimer@proxmox.com>

superseded-by:
https://lore.proxmox.com/pdm-devel/20251105163546.450094-1-h.laimer@proxmox.com/T/#t

On 10/30/25 15:34, Hannes Laimer wrote:
> This adds a basic UI for displaying the status of the firewall on remotes,
> nodes and guests in a tree. Status includes whether the firewall is
> enabled and the count of enabled rules. These rules are also shown in a
> panel once an entity in the tree is selected. Firewall options can be
> edited, most useful is probably enable/disable, but generally all
> options are exposed (since we had the types anyway).
>
> Generally loading the status involves 2 requests per entity, so the PDM
> server has to do quite a bit of work collecting all the relevant data.
> That is the reason we have multiple status endpoints
> - for all pve remotes
> - for a specific remote
> - for a specific node
> a bit more context on the commit adding these endpoints. With these we
> can limit the number of requests the PDM potentially has to do. In this
> context a cache could also make sense, should be somewhat
> straightforward integrating something like Dominik proposed in [1]. But since
> these are configs, caches would have to be really short lived, but still,
> they could help with different users requesting the same data at close
> to the same time.
>
> Firewall options edit form and the firewall rules tables were added to
> yew-comp as they are not necessarily PDM specific. I tried having them
> in a way so it would not be too complicated reusing them in other places
> at some point.
>
> This also includes an updated pve-api.json, some api endpoint specs did
> require minor adjustments so they'd work with the type generator. This
> includes the not yet applied changes in [2]. This also needs [3] to be
> present. Generally this is built with the latest master of
> proxmox-yew-comp and proxmox-yew-widget-toolkit.
>
> Notes: node or guest firewalls could be enabled, but end up being masked
> by the cluster setting. I tried visualizing that by having the checkmark
> normal if masked and green if not.
>
> [1] https://lore.proxmox.com/pdm-devel/20251017120315.2723235-1-d.csapak@proxmox.com/
> [2] https://lore.proxmox.com/pve-devel/20251023141546.105302-1-h.laimer@proxmox.com/T/#u
> [3] https://lore.proxmox.com/yew-devel/20251029173528.378487-1-h.laimer@proxmox.com/T/#u
>
>
> proxmox:
>
> Hannes Laimer (5):
> pve-api-types: update pve-api.json
> pve-api-types: add get/update firewall options endpoints
> pve-api-types: schema2rust: handle `macro` keyword like we do `type`
> pve-api-types: add list firewall rules endpoints
> pve-api-types: regenerate
>
> pve-api-types/generate.pl | 54 +
> pve-api-types/generator-lib/Schema2Rust.pm | 7 +-
> pve-api-types/pve-api.json | 377 +-----
> pve-api-types/src/generated/code.rs | 206 ++-
> pve-api-types/src/generated/types.rs | 1364 +++++++++++++++++++-
> 5 files changed, 1593 insertions(+), 415 deletions(-)
>
>
> proxmox-yew-comp:
>
> Hannes Laimer (4):
> form: add helpers for extractig data out of schemas
> firewall: add FirewallContext
> firewall: add options edit form
> firewall: add rules table
>
> src/firewall/context.rs | 142 ++++++++++
> src/firewall/log_ratelimit_field.rs | 310 +++++++++++++++++++++
> src/firewall/mod.rs | 11 +
> src/firewall/options_edit.rs | 404 ++++++++++++++++++++++++++++
> src/firewall/rules.rs | 217 +++++++++++++++
> src/form/mod.rs | 70 +++++
> src/lib.rs | 3 +
> 7 files changed, 1157 insertions(+)
> create mode 100644 src/firewall/context.rs
> create mode 100644 src/firewall/log_ratelimit_field.rs
> create mode 100644 src/firewall/mod.rs
> create mode 100644 src/firewall/options_edit.rs
> create mode 100644 src/firewall/rules.rs
>
>
> proxmox-datacenter-manager:
>
> Hannes Laimer (4):
> pdm-api-types: add firewall status types
> api: firewall: add option, rules and status endpoints
> pdm-client: add api methods for firewall options, rules and status
> endpoints
> ui: add firewall status tree
>
> lib/pdm-api-types/src/firewall.rs | 171 ++++++
> lib/pdm-api-types/src/lib.rs | 2 +
> lib/pdm-client/src/lib.rs | 133 +++++
> server/src/api/pve/firewall.rs | 756 ++++++++++++++++++++++++++
> server/src/api/pve/lxc.rs | 1 +
> server/src/api/pve/mod.rs | 3 +
> server/src/api/pve/node.rs | 1 +
> server/src/api/pve/qemu.rs | 1 +
> ui/src/remotes/firewall/columns.rs | 150 +++++
> ui/src/remotes/firewall/mod.rs | 30 +
> ui/src/remotes/firewall/tree.rs | 634 +++++++++++++++++++++
> ui/src/remotes/firewall/types.rs | 284 ++++++++++
> ui/src/remotes/firewall/ui_helpers.rs | 156 ++++++
> ui/src/remotes/mod.rs | 10 +
> 14 files changed, 2332 insertions(+)
> create mode 100644 lib/pdm-api-types/src/firewall.rs
> create mode 100644 server/src/api/pve/firewall.rs
> create mode 100644 ui/src/remotes/firewall/columns.rs
> create mode 100644 ui/src/remotes/firewall/mod.rs
> create mode 100644 ui/src/remotes/firewall/tree.rs
> create mode 100644 ui/src/remotes/firewall/types.rs
> create mode 100644 ui/src/remotes/firewall/ui_helpers.rs
>
>
> Summary over all repositories:
> 26 files changed, 5082 insertions(+), 415 deletions(-)
>
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel