From: Hannes Laimer <h.laimer@proxmox.com>
To: pdm-devel@lists.proxmox.com
Subject: [pdm-devel] [PATCH proxmox{, -yew-comp, -datacenter-manager} v2 00/12] add basic integration of PVE firewall
Date: Wed, 5 Nov 2025 17:35:34 +0100
Message-ID: <20251105163546.450094-1-h.laimer@proxmox.com>

This adds a basic UI for displaying the status of the firewall on remotes,
nodes and guests in a tree. Status includes whether the firewall is
enabled and the count of enabled rules. These rules are also shown in a
panel once an entity in the tree is selected. Firewall options can be
edited, most useful is probably enable/disable, but generally all
options are exposed (since we had the types anyway).

Generally loading the status involves 2 requests per entity, so the PDM
server has to do quite a bit of work collecting all the relevant data.
That is the reason we have multiple status endpoints
 - for all pve remotes
 - for a specific remote
 - for a specific node
a bit more context on the commit adding these endpoints. With these we
can limit the number of requests the PDM potentially has to do. In this
context a cache could also make sense, should be somewhat straight
forward integrating something like Dominik proposed in [1]. But since
these are configs, caches would have to be really short lived, but still,
they could help with different users requesting the same data at close
to the same time.

Firewall options edit form and the firewall rules tables were added to
yew-comp as they are not necessarily PDM specific. I tried having them
in a way so it would not be too complicated reusing them in other places
at some point.

This also includes an updated pve-api.json, some api endpoint specs did
require minor adjustments so they'd work with the type generator. This
includes the not yet applied changes in [2]. This also needs [3] to be
present. Generally this is built with the latest master of
proxmox-yew-comp and proxmox-yew-widget-toolkit.

Notes: node or guest firewalls could be enabled, but end up being masked
by the cluster setting. I tried visualizing that by having the checkmark
normal if masked and green if not.

[1] https://lore.proxmox.com/pdm-devel/20251017120315.2723235-1-d.csapak@proxmox.com/
[2] https://lore.proxmox.com/pve-devel/20251023141546.105302-1-h.laimer@proxmox.com/T/#u
[3] https://lore.proxmox.com/yew-devel/20251029173528.378487-1-h.laimer@proxmox.com/T/#u

v2, thanks a lot @Dominik, @Lukas and @Thomas
 * rebased onto master
 * UI improvements
   - move filters into tree panel
   - shrink status tree panel
   - the firewall rules table now doesn't always show all the columns,
     instead we have a new column that shows only the things that are
     set. We save a lot of space like that, also, most of the columns are
     empty.
   - added toggle button that collapses the status tree and shows the
     rules tables "full-screen". With the current UI changes this should
     not really be needed unless a really small screen is used.
     Nonetheless it may be useful, so I kept it.
   - for the cluster options form I put a border around the log ratelimit
     fields, that should help separating them from the rest of the
     options.
 * concurrently fetch status data for `all remotes` and `single remote`,
   was sequential in v1
 (* this doesn't include [4] anymore, since it was applied already )

[4] https://git.proxmox.com/?p=proxmox.git;a=commit;h=eb41684db1a6d13f4ae3d95761e40db5a7c333ce

proxmox:

Hannes Laimer (4):
  pve-api-types: update pve-api.json
  pve-api-types: add get/update firewall options endpoints
  pve-api-types: add list firewall rules endpoints
  pve-api-types: regenerate

 pve-api-types/generate.pl | 54 +
 pve-api-types/pve-api.json | 362 +------
 pve-api-types/src/generated/code.rs | 206 +++-
 pve-api-types/src/generated/types.rs | 1366 ++++++++++++++++++++++++--
 4 files changed, 1584 insertions(+), 404 deletions(-)

proxmox-yew-comp:

Hannes Laimer (4):
  form: add helpers for extractig data out of schemas
  firewall: add FirewallContext
  firewall: add options edit form
  firewall: add rules table

 src/firewall/context.rs | 142 ++++++++++
 src/firewall/log_ratelimit_field.rs | 318 ++++++++++++++++++++++
 src/firewall/mod.rs | 11 +
 src/firewall/options_edit.rs | 404 ++++++++++++++++++++++++++++
 src/firewall/rules.rs | 253 +++++++++++++++++
 src/form/mod.rs | 70 +++++
 src/lib.rs | 3 +
 7 files changed, 1201 insertions(+)
 create mode 100644 src/firewall/context.rs
 create mode 100644 src/firewall/log_ratelimit_field.rs
 create mode 100644 src/firewall/mod.rs
 create mode 100644 src/firewall/options_edit.rs
 create mode 100644 src/firewall/rules.rs

proxmox-datacenter-manager:

Hannes Laimer (4):
  pdm-api-types: add firewall status types
  api: firewall: add option, rules and status endpoints
  pdm-client: add api methods for firewall options, rules and status
    endpoints
  ui: add firewall status tree

 lib/pdm-api-types/src/firewall.rs | 171 ++++++
 lib/pdm-api-types/src/lib.rs | 2 +
 lib/pdm-client/src/lib.rs | 133 ++++
 server/src/api/pve/firewall.rs | 854 ++++++++++++++++++++++++++
 server/src/api/pve/lxc.rs | 1 +
 server/src/api/pve/mod.rs | 3 +
 server/src/api/pve/node.rs | 1 +
 server/src/api/pve/qemu.rs | 1 +
 ui/src/remotes/firewall/columns.rs | 153 +++++
 ui/src/remotes/firewall/mod.rs | 30 +
 ui/src/remotes/firewall/tree.rs | 660 ++++++++++++++++++++
 ui/src/remotes/firewall/types.rs | 284 +++++++++
 ui/src/remotes/firewall/ui_helpers.rs | 166 +++++
 ui/src/remotes/mod.rs | 10 +
 14 files changed, 2469 insertions(+)
 create mode 100644 lib/pdm-api-types/src/firewall.rs
 create mode 100644 server/src/api/pve/firewall.rs
 create mode 100644 ui/src/remotes/firewall/columns.rs
 create mode 100644 ui/src/remotes/firewall/mod.rs
 create mode 100644 ui/src/remotes/firewall/tree.rs
 create mode 100644 ui/src/remotes/firewall/types.rs
 create mode 100644 ui/src/remotes/firewall/ui_helpers.rs

Summary over all repositories:
 25 files changed, 5254 insertions(+), 404 deletions(-)

--
Generated by git-murpp 0.8.1