From: Hannes Laimer
To: pdm-devel@lists.proxmox.com
Date: Thu, 30 Oct 2025 15:33:53 +0100
Message-ID: <20251030143406.193744-1-h.laimer@proxmox.com>
Subject: [pdm-devel] [PATCH proxmox{, -yew-comp, -datacenter-manager} 00/13] add basic integration of PVE firewall

This adds a basic UI for displaying the status of the firewall on remotes, nodes and guests in a tree. Status includes whether the firewall is enabled and the count of enabled rules. These rules are also shown in a panel once an entity in the tree is selected.
Firewall options can be edited, most useful is probably enable/disable, but generally all options are exposed (since we had the types anyway).

Generally loading the status involves 2 requests per entity, so the PDM server has to do quite a bit of work collecting all the relevant data. That is the reason we have multiple status endpoints
 - for all pve remotes
 - for a specific remote
 - for a specific node

a bit more context on the commit adding these endpoints. With these we can limit the number of requests the PDM potentially has to do. In this context a cache could also make sense, should be somewhat straightforward integrating something like Dominik proposed in [1]. But since these are configs, caches would have to be really short lived, but still, they could help with different users requesting the same data at close to the same time.

Firewall options edit form and the firewall rules tables were added to yew-comp as they are not necessarily PDM specific. I tried having them in a way so it would not be too complicated reusing them in other places at some point.

This also includes an updated pve-api.json, some api endpoint specs did require minor adjustments so they'd work with the type generator. This includes the not yet applied changes in [2]. This also needs [3] to be present. Generally this is built with the latest master of proxmox-yew-comp and proxmox-yew-widget-toolkit.

Notes: node or guest firewalls could be enabled, but end up being masked by the cluster setting. I tried visualizing that by having the checkmark normal if masked and green if not.

[1] https://lore.proxmox.com/pdm-devel/20251017120315.2723235-1-d.csapak@proxmox.com/
[2] https://lore.proxmox.com/pve-devel/20251023141546.105302-1-h.laimer@proxmox.com/T/#u
[3] https://lore.proxmox.com/yew-devel/20251029173528.378487-1-h.laimer@proxmox.com/T/#u

proxmox:

Hannes Laimer (5):
  pve-api-types: update pve-api.json
  pve-api-types: add get/update firewall options endpoints
  pve-api-types: schema2rust: handle `macro` keyword like we do `type`
  pve-api-types: add list firewall rules endpoints
  pve-api-types: regenerate

 pve-api-types/generate.pl                  |   54 +
 pve-api-types/generator-lib/Schema2Rust.pm |    7 +-
 pve-api-types/pve-api.json                 |  377 +-----
 pve-api-types/src/generated/code.rs        |  206 ++-
 pve-api-types/src/generated/types.rs       | 1364 +++++++++++++++++++-
 5 files changed, 1593 insertions(+), 415 deletions(-)

proxmox-yew-comp:

Hannes Laimer (4):
  form: add helpers for extracting data out of schemas
  firewall: add FirewallContext
  firewall: add options edit form
  firewall: add rules table

 src/firewall/context.rs             | 142 ++++++++++
 src/firewall/log_ratelimit_field.rs | 310 +++++++++++++++++++++
 src/firewall/mod.rs                 |  11 +
 src/firewall/options_edit.rs        | 404 ++++++++++++++++++++++++++++
 src/firewall/rules.rs               | 217 +++++++++++++++
 src/form/mod.rs                     |  70 +++++
 src/lib.rs                          |   3 +
 7 files changed, 1157 insertions(+)
 create mode 100644 src/firewall/context.rs
 create mode 100644 src/firewall/log_ratelimit_field.rs
 create mode 100644 src/firewall/mod.rs
 create mode 100644 src/firewall/options_edit.rs
 create mode 100644 src/firewall/rules.rs

proxmox-datacenter-manager:

Hannes Laimer (4):
  pdm-api-types: add firewall status types
  api: firewall: add option, rules and status endpoints
  pdm-client: add api methods for firewall options, rules and status endpoints
  ui: add firewall status tree

 lib/pdm-api-types/src/firewall.rs     | 171 ++++++
 lib/pdm-api-types/src/lib.rs          |   2 +
 lib/pdm-client/src/lib.rs             | 133 +++++
 server/src/api/pve/firewall.rs        | 756 ++++++++++++++++++++++++++
 server/src/api/pve/lxc.rs             |   1 +
 server/src/api/pve/mod.rs             |   3 +
 server/src/api/pve/node.rs            |   1 +
 server/src/api/pve/qemu.rs            |   1 +
 ui/src/remotes/firewall/columns.rs    | 150 +++++
 ui/src/remotes/firewall/mod.rs        |  30 +
 ui/src/remotes/firewall/tree.rs       | 634 +++++++++++++++++++++
 ui/src/remotes/firewall/types.rs      | 284 ++++++++++
 ui/src/remotes/firewall/ui_helpers.rs | 156 ++++++
 ui/src/remotes/mod.rs                 |  10 +
 14 files changed, 2332 insertions(+)
 create mode 100644 lib/pdm-api-types/src/firewall.rs
 create mode 100644 server/src/api/pve/firewall.rs
 create mode 100644 ui/src/remotes/firewall/columns.rs
 create mode 100644 ui/src/remotes/firewall/mod.rs
 create mode 100644 ui/src/remotes/firewall/tree.rs
 create mode 100644 ui/src/remotes/firewall/types.rs
 create mode 100644 ui/src/remotes/firewall/ui_helpers.rs

Summary over all repositories:
  26 files changed, 5082 insertions(+), 415 deletions(-)

--
Generated by git-murpp 0.8.1
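
The masking described in the Notes of the cover letter, as an added example that is not part of the patch series or of the project's code: an entity whose own firewall option is on is only effective when the cluster-level firewall is on as well, and the function below lists entities that carry enabled rules but are masked. The types `State`, `Entity` and `Remote`, the helper names and the sample tree are hypothetical and constructed for illustration; the example assumes the cluster setting is the only thing that masks an entity.

```rust
// Added illustration; every type, field and sample value here is hypothetical.
#[derive(Debug, PartialEq)]
enum State {
    Disabled,  // the entity's own enable option is off
    Masked,    // own option is on, but the cluster firewall is off
    Effective, // own option and the cluster firewall are both on
}
struct Entity {
    path: &'static str,   // node or guest below the remote
    enabled: bool,        // the entity's own firewall option
    enabled_rules: usize, // count of enabled rules
}
struct Remote {
    name: &'static str,
    cluster_enabled: bool, // cluster-level firewall option
    entities: Vec<Entity>,
}

// Assumption taken from the Notes: only the cluster setting masks an entity.
fn state(cluster_enabled: bool, e: &Entity) -> State {
    match (e.enabled, cluster_enabled) {
        (false, _) => State::Disabled,
        (true, false) => State::Masked,
        (true, true) => State::Effective,
    }
}

// Entities that look protected (enabled, with rules) but filter nothing.
fn masked_with_rules(remotes: &[Remote]) -> Vec<(String, usize)> {
    let mut hits = Vec::new();
    for r in remotes {
        let masked = r.entities.iter().filter(|e| e.enabled_rules > 0 && state(r.cluster_enabled, e) == State::Masked);
        hits.extend(masked.map(|e| (format!("{}/{}", r.name, e.path), e.enabled_rules)));
    }
    hits
}

fn ent(path: &'static str, enabled: bool, enabled_rules: usize) -> Entity { Entity { path, enabled, enabled_rules } }
// Constructed sample tree: pve-a has the cluster firewall on, pve-b has it off.
fn sample() -> Vec<Remote> {
    vec![
        Remote { name: "pve-a", cluster_enabled: true, entities: vec![ent("node1", true, 4), ent("node1/vm/100", false, 2)] },
        Remote { name: "pve-b", cluster_enabled: false, entities: vec![ent("node1", true, 0), ent("node1/ct/200", true, 3)] },
    ]
}

fn main() {
    println!("{:?}", masked_with_rules(&sample()));
}
```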