From: Hannes Laimer
To: pdm-devel@lists.proxmox.com
Date: Mon, 10 Nov 2025 18:26:44 +0100
Subject: [pdm-devel] superseded: [PATCH proxmox{, -yew-comp, -datacenter-manager} v2 00/12] add basic integration of PVE firewall
In-Reply-To: <20251105163546.450094-1-h.laimer@proxmox.com>

superseded-by: https://lore.proxmox.com/pdm-devel/20251110172517.335741-1-h.laimer@proxmox.com/T/#t

On 11/5/25 17:35, Hannes Laimer wrote:
> This adds a basic UI for displaying the status of the firewall on remotes,
> nodes and guests in a tree.
> Status includes whether the firewall is
> enabled and the count of enabled rules. These rules are also shown in a
> panel once an entity in the tree is selected. Firewall options can be
> edited, most useful is probably enable/disable, but generally all
> options are exposed (since we had the types anyway).
>
> Generally loading the status involves 2 requests per entity, so the PDM
> server has to do quite a bit of work collecting all the relevant data.
> That is the reason we have multiple status endpoints
>  - for all pve remotes
>  - for a specific remote
>  - for a specific node
> a bit more context on the commit adding these endpoints. With these we
> can limit the number of requests the PDM potentially has to do. In this
> context a cache could also make sense, should be somewhat straight
> forward integrating something like Dominik proposed in [1]. But since
> these are configs, caches would have to be really short lived, but still,
> they could help with different users requesting the same data at close
> to the same time.
>
> Firewall options edit form and the firewall rules tables were added to
> yew-comp as they are not necessarily PDM specific. I tried having them
> in a way so it would not be too complicated reusing them in other places
> at some point.
>
> This also includes an updated pve-api.json, some api endpoint specs did
> require minor adjustments so they'd work with the type generator. This
> includes the not yet applied changes in [2]. This also needs [3] to be
> present. Generally this is built with the latest master of
> proxmox-yew-comp and proxmox-yew-widget-toolkit.
>
> Notes: node or guest firewalls could be enabled, but end up being masked
> by the cluster setting. I tried visualizing that by having the checkmark
> normal if masked and green if not.
>
> [1] https://lore.proxmox.com/pdm-devel/20251017120315.2723235-1-d.csapak@proxmox.com/
> [2] https://lore.proxmox.com/pve-devel/20251023141546.105302-1-h.laimer@proxmox.com/T/#u
> [3] https://lore.proxmox.com/yew-devel/20251029173528.378487-1-h.laimer@proxmox.com/T/#u
>
>
> v2, thanks a lot @Dominik, @Lukas and @Thomas
> * rebased onto master
> * UI improvements
>   - move filters into tree panel
>   - shrink status tree panel
>   - the firewall rules table now doesn't always show all the columns,
>     instead we have a new column that shows only the things that are
>     set. We save a lot of space like that, also, most of the columns are
>     empty.
>   - added toggle button that collapses the status tree and shows the
>     rules tables "full-screen". With the current UI changes this should
>     not really be needed unless a really small screen is used.
>     Nonetheless it may be useful, so I kept it.
>   - for the cluster options form I put a border around the log ratelimit
>     fields, that should help separating them from the rest of the
>     options.
> * concurrently fetch status data for `all remotes` and `single remote`,
>   was sequential in v1
> (* this doesn't include [4] anymore, since it was applied already )
>
> [4] https://git.proxmox.com/?p=proxmox.git;a=commit;h=eb41684db1a6d13f4ae3d95761e40db5a7c333ce
>
>
> proxmox:
>
> Hannes Laimer (4):
>   pve-api-types: update pve-api.json
>   pve-api-types: add get/update firewall options endpoints
>   pve-api-types: add list firewall rules endpoints
>   pve-api-types: regenerate
>
>  pve-api-types/generate.pl            |   54 +
>  pve-api-types/pve-api.json           |  362 +------
>  pve-api-types/src/generated/code.rs  |  206 +++-
>  pve-api-types/src/generated/types.rs | 1366 ++++++++++++++++++++++++--
>  4 files changed, 1584 insertions(+), 404 deletions(-)
>
>
> proxmox-yew-comp:
>
> Hannes Laimer (4):
>   form: add helpers for extractig data out of schemas
>   firewall: add FirewallContext
>   firewall: add options edit form
>   firewall: add rules table
>
>  src/firewall/context.rs             | 142 ++++++++++
>  src/firewall/log_ratelimit_field.rs | 318 ++++++++++++++++++++++
>  src/firewall/mod.rs                 |  11 +
>  src/firewall/options_edit.rs        | 404 ++++++++++++++++++++++++++++
>  src/firewall/rules.rs               | 253 +++++++++++++++++
>  src/form/mod.rs                     |  70 +++++
>  src/lib.rs                          |   3 +
>  7 files changed, 1201 insertions(+)
>  create mode 100644 src/firewall/context.rs
>  create mode 100644 src/firewall/log_ratelimit_field.rs
>  create mode 100644 src/firewall/mod.rs
>  create mode 100644 src/firewall/options_edit.rs
>  create mode 100644 src/firewall/rules.rs
>
>
> proxmox-datacenter-manager:
>
> Hannes Laimer (4):
>   pdm-api-types: add firewall status types
>   api: firewall: add option, rules and status endpoints
>   pdm-client: add api methods for firewall options, rules and status
>     endpoints
>   ui: add firewall status tree
>
>  lib/pdm-api-types/src/firewall.rs     | 171 ++++++
>  lib/pdm-api-types/src/lib.rs          |   2 +
>  lib/pdm-client/src/lib.rs             | 133 ++++
>  server/src/api/pve/firewall.rs        | 854 ++++++++++++++++++++++++++
>  server/src/api/pve/lxc.rs             |   1 +
>  server/src/api/pve/mod.rs             |   3 +
>  server/src/api/pve/node.rs            |   1 +
>  server/src/api/pve/qemu.rs            |   1 +
>  ui/src/remotes/firewall/columns.rs    | 153 +++++
>  ui/src/remotes/firewall/mod.rs        |  30 +
>  ui/src/remotes/firewall/tree.rs       | 660 ++++++++++++++++++++
>  ui/src/remotes/firewall/types.rs      | 284 +++++++++
>  ui/src/remotes/firewall/ui_helpers.rs | 166 +++++
>  ui/src/remotes/mod.rs                 |  10 +
>  14 files changed, 2469 insertions(+)
>  create mode 100644 lib/pdm-api-types/src/firewall.rs
>  create mode 100644 server/src/api/pve/firewall.rs
>  create mode 100644 ui/src/remotes/firewall/columns.rs
>  create mode 100644 ui/src/remotes/firewall/mod.rs
>  create mode 100644 ui/src/remotes/firewall/tree.rs
>  create mode 100644 ui/src/remotes/firewall/types.rs
>  create mode 100644 ui/src/remotes/firewall/ui_helpers.rs
>
>
> Summary over all repositories:
>   25 files changed, 5254 insertions(+), 404 deletions(-)