From: Hannes Laimer <h.laimer@proxmox.com>
To: pdm-devel@lists.proxmox.com
Subject: [pdm-devel] [PATCH proxmox-yew-comp v3 3/4] firewall: add options edit form
Date: Mon, 10 Nov 2025 18:25:12 +0100 [thread overview]
Message-ID: <20251110172517.335741-8-h.laimer@proxmox.com> (raw)
In-Reply-To: <20251110172517.335741-1-h.laimer@proxmox.com>
This also includes the log-ratelimit field, its value is a property
string.
Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
src/firewall/log_ratelimit_field.rs | 334 ++++++++++++++++++++
src/firewall/mod.rs | 6 +
src/firewall/options_edit.rs | 458 ++++++++++++++++++++++++++++
src/lib.rs | 2 +-
4 files changed, 799 insertions(+), 1 deletion(-)
create mode 100644 src/firewall/log_ratelimit_field.rs
create mode 100644 src/firewall/options_edit.rs
diff --git a/src/firewall/log_ratelimit_field.rs b/src/firewall/log_ratelimit_field.rs
new file mode 100644
index 0000000..db2f8a9
--- /dev/null
+++ b/src/firewall/log_ratelimit_field.rs
@@ -0,0 +1,334 @@
+use anyhow::Error;
+use proxmox_schema::ApiType;
+use serde_json::Value;
+use yew::html::{IntoEventCallback, IntoPropValue};
+
+use pwt::prelude::*;
+use pwt::props::FieldBuilder;
+use pwt::widget::form::{
+ Checkbox, Combobox, ManagedField, ManagedFieldContext, ManagedFieldMaster, ManagedFieldState,
+ Number,
+};
+use pwt::widget::{Container, InputPanel, Row};
+
+use pwt::props::WidgetBuilder;
+use pwt_macros::{builder, widget};
+
+use crate::SchemaValidation;
+
+const TIME_UNITS: &[&str] = &["second", "minute", "hour", "day"];
+
+/// A field widget for entering a rate value in the format "number/unit".
+///
+/// The rate is displayed as a number input followed by a unit selector
+/// (second, minute, hour, or day). The value is formatted as "number/unit"
+/// (e.g., "5/minute").
+#[widget(comp=RateFieldImpl, @input)]
+#[derive(Clone, Properties, PartialEq)]
+#[builder]
+pub struct RateField {
+ /// The current value of the rate field in "number/unit" format.
+ #[builder(IntoPropValue, into_prop_value)]
+ #[prop_or_default]
+ pub value: Option<AttrValue>,
+
+ /// Callback invoked when the rate value changes.
+ #[builder_cb(IntoEventCallback, into_event_callback, String)]
+ #[prop_or_default]
+ pub on_input: Option<Callback<String>>,
+}
+
+impl Default for RateField {
+ fn default() -> Self {
+ Self::new()
+ }
+}
+
+impl RateField {
+ /// Creates a new `RateField` with default values.
+ pub fn new() -> Self {
+ yew::props!(Self {})
+ }
+}
+
+enum RateMsg {
+ ChangeNumber(Option<u64>),
+ ChangeUnit(String),
+}
+
+struct RateFieldImpl {
+ number: Option<u64>,
+ unit: String,
+}
+
+impl yew::Component for RateFieldImpl {
+ type Message = RateMsg;
+ type Properties = RateField;
+
+ fn create(ctx: &yew::Context<Self>) -> Self {
+ let mut me = Self {
+ number: None,
+ unit: "second".to_string(),
+ };
+ me.parse_value(&ctx.props().value);
+ me
+ }
+
+ fn update(&mut self, ctx: &yew::Context<Self>, msg: Self::Message) -> bool {
+ match msg {
+ RateMsg::ChangeNumber(number) => {
+ self.number = number;
+ }
+ RateMsg::ChangeUnit(unit) => self.unit = unit,
+ }
+
+ let new_value_str = if let Some(num) = self.number {
+ format!("{}/{}", num, self.unit)
+ } else {
+ String::new()
+ };
+
+ if let Some(callback) = &ctx.props().on_input {
+ callback.emit(new_value_str);
+ }
+
+ true
+ }
+
+ fn changed(&mut self, ctx: &yew::Context<Self>, _old_props: &Self::Properties) -> bool {
+ self.parse_value(&ctx.props().value);
+ true
+ }
+
+ fn view(&self, ctx: &yew::Context<Self>) -> Html {
+ let is_empty = self.number.is_none();
+ let number_value = self.number.map(|n| n.to_string()).unwrap_or_default();
+
+ let units: Vec<AttrValue> = TIME_UNITS.iter().map(|&u| AttrValue::from(u)).collect();
+
+ Row::new()
+ .style("align-items", "center")
+ .gap(1)
+ .with_child(
+ Number::<u64>::new()
+ .key("rate_number")
+ .value(number_value)
+ .placeholder("1")
+ .min(1)
+ .max(99)
+ .on_change(ctx.link().callback(|result: Option<Result<u64, String>>| {
+ RateMsg::ChangeNumber(result.and_then(|r| r.ok()))
+ })),
+ )
+ .with_child("/")
+ .with_child(
+ Combobox::new()
+ .key("rate_unit")
+ .items(std::rc::Rc::new(units))
+ .value(self.unit.clone())
+ .disabled(is_empty)
+ .required(true)
+ .on_change(ctx.link().callback(RateMsg::ChangeUnit)),
+ )
+ .into()
+ }
+}
+
+impl RateFieldImpl {
+ fn parse_value(&mut self, value: &Option<AttrValue>) {
+ self.number = None;
+ self.unit = "second".to_string();
+
+ if let Some(v) = value {
+ if !v.is_empty() {
+ if let Some((num, unit)) = v.split_once('/') {
+ self.number = num.parse::<u64>().ok();
+ self.unit = unit.to_string();
+ }
+ }
+ }
+ }
+}
+
+/// A managed field widget for configuring firewall log rate limiting.
+///
+/// This field allows users to configure:
+/// - Whether rate limiting is enabled
+/// - The rate limit (e.g., "5/minute")
+/// - The burst value
+///
+/// The value is stored as a property string in the format
+/// "enable=0|1,rate=number/unit,burst=number".
+#[widget(comp=ManagedFieldMaster<LogRatelimitFieldImpl>, @input)]
+#[derive(Clone, Properties, PartialEq)]
+#[builder]
+pub struct LogRatelimitField {
+ /// The default value to use when the field is empty.
+ #[builder(IntoPropValue, into_prop_value)]
+ #[prop_or_default]
+ pub default: Option<AttrValue>,
+}
+
+impl Default for LogRatelimitField {
+ fn default() -> Self {
+ Self::new()
+ }
+}
+
+impl LogRatelimitField {
+ /// Creates a new `LogRatelimitField` with default values.
+ pub fn new() -> Self {
+ yew::props!(Self {})
+ }
+}
+
+enum LogRatelimitMsg {
+ Enable(bool),
+ Rate(String),
+ Burst(Option<u64>),
+}
+
+struct LogRatelimitFieldImpl {
+ enable: bool,
+ rate: String,
+ burst: Option<u64>,
+}
+
+impl ManagedField for LogRatelimitFieldImpl {
+ type Message = LogRatelimitMsg;
+ type Properties = LogRatelimitField;
+ type ValidateClosure = ();
+
+ fn validation_args(_props: &Self::Properties) -> Self::ValidateClosure {}
+
+ fn validator(_props: &Self::ValidateClosure, value: &Value) -> Result<Value, Error> {
+ Ok(value.clone())
+ }
+
+ fn setup(props: &Self::Properties) -> ManagedFieldState {
+ let value = Value::Null;
+ let default = match &props.default {
+ Some(d) => Value::String(d.to_string()),
+ None => Value::String(String::new()),
+ };
+ ManagedFieldState::new(value, default)
+ }
+
+ fn value_changed(&mut self, ctx: &ManagedFieldContext<Self>) {
+ let state = ctx.state();
+
+ // Initialize with API defaults (enable=true is the API default)
+ // When the property string is empty, rate and burst are unset
+ self.enable = true;
+ self.rate = String::new();
+ self.burst = None;
+
+ // If value is Null, use the default instead
+ let value_to_parse = match &state.value {
+ Value::Null => &state.default,
+ other => other,
+ };
+
+ if let Value::String(v) = value_to_parse {
+ if !v.is_empty() {
+ match pve_api_types::ClusterFirewallOptionsLogRatelimit::API_SCHEMA
+ .parse_property_string(v)
+ {
+ Ok(parsed) => {
+ match serde_json::from_value::<
+ pve_api_types::ClusterFirewallOptionsLogRatelimit,
+ >(parsed)
+ {
+ Ok(ratelimit) => {
+ self.enable = ratelimit.enable;
+ if let Some(rate) = ratelimit.rate {
+ self.rate = rate.clone();
+ }
+ self.burst = ratelimit.burst;
+ }
+ Err(e) => {
+ log::error!("Failed to parse log_ratelimit value: {e:?}");
+ }
+ }
+ }
+ Err(e) => {
+ log::error!("Failed to parse log_ratelimit property string '{v}': {e:?}");
+ }
+ }
+ }
+ }
+ }
+
+ fn create(ctx: &ManagedFieldContext<Self>) -> Self {
+ let mut me = Self {
+ enable: true,
+ rate: String::new(),
+ burst: None,
+ };
+ me.value_changed(ctx);
+ me
+ }
+
+ fn update(&mut self, ctx: &ManagedFieldContext<Self>, msg: Self::Message) -> bool {
+ match msg {
+ LogRatelimitMsg::Enable(enable) => self.enable = enable,
+ LogRatelimitMsg::Rate(rate) => self.rate = rate,
+ LogRatelimitMsg::Burst(burst_value) => self.burst = burst_value,
+ }
+
+ let mut parts = Vec::new();
+ parts.push(format!("enable={}", if self.enable { 1 } else { 0 }));
+ if !self.rate.is_empty() {
+ parts.push(format!("rate={}", self.rate));
+ }
+ if let Some(burst) = self.burst {
+ parts.push(format!("burst={}", burst));
+ }
+ let property_string = parts.join(",");
+ let new_value = Value::String(property_string);
+
+ ctx.link().update_value(new_value);
+ true
+ }
+
+ fn view(&self, ctx: &ManagedFieldContext<Self>) -> Html {
+ let props = ctx.props();
+ let base_schema = &pve_api_types::ClusterFirewallOptionsLogRatelimit::API_SCHEMA;
+
+ Container::new()
+ .style("border", "1px solid var(--pwt-border-color, #ccc)")
+ .style("border-radius", "4px")
+ .padding(2)
+ .with_child(
+ InputPanel::new()
+ .with_std_props(&props.std_props)
+ .with_field(
+ tr!("Enable"),
+ Checkbox::new()
+ .key("enable")
+ .checked(self.enable)
+ .on_change(ctx.link().callback(LogRatelimitMsg::Enable)),
+ )
+ .with_field(
+ tr!("Rate"),
+ RateField::new()
+ .key("rate")
+ .value(self.rate.clone())
+ .on_input(ctx.link().callback(LogRatelimitMsg::Rate)),
+ )
+ .with_field(
+ tr!("Burst"),
+ Number::<u64>::new()
+ .key("burst")
+ .value(self.burst.map(|b| b.to_string()))
+ .on_change(ctx.link().callback(
+ |result: Option<Result<u64, String>>| {
+ LogRatelimitMsg::Burst(result.and_then(|r| r.ok()))
+ },
+ ))
+ .schema(crate::form::get_field_schema(base_schema, vec!["burst"])),
+ ),
+ )
+ .into()
+ }
+}
diff --git a/src/firewall/mod.rs b/src/firewall/mod.rs
index 49dcf23..379b958 100644
--- a/src/firewall/mod.rs
+++ b/src/firewall/mod.rs
@@ -1,2 +1,8 @@
mod context;
pub use context::FirewallContext;
+
+mod options_edit;
+pub use options_edit::EditFirewallOptions;
+
+mod log_ratelimit_field;
+pub use log_ratelimit_field::LogRatelimitField;
diff --git a/src/firewall/options_edit.rs b/src/firewall/options_edit.rs
new file mode 100644
index 0000000..03579db
--- /dev/null
+++ b/src/firewall/options_edit.rs
@@ -0,0 +1,458 @@
+use std::rc::Rc;
+
+use anyhow::Error;
+use proxmox_schema::ApiType;
+use pve_api_types::{ClusterFirewallOptions, GuestFirewallOptions, NodeFirewallOptions};
+use serde_json::Value;
+use yew::html::{IntoEventCallback, IntoPropValue};
+use yew::virtual_dom::{VComp, VNode};
+
+use pwt::prelude::*;
+use pwt::widget::form::{Checkbox, Combobox, FormContext, Number};
+use pwt::widget::InputPanel;
+
+use pwt_macros::builder;
+
+use crate::{form::delete_empty_values, ApiLoadCallback, EditWindow};
+
+use super::{context::FirewallContext, LogRatelimitField};
+
+fn enum_items_from_schema<T: ApiType>(name: &str) -> Vec<AttrValue> {
+ let s = crate::form::get_field_schema(&T::API_SCHEMA, vec![name]);
+ crate::form::enum_items_from_schema(s)
+}
+
+fn placeholder_from_schema<T: ApiType>(name: &str) -> String {
+ let s = crate::form::get_field_schema(&T::API_SCHEMA, vec![name]);
+ crate::form::placeholder_from_schema(s)
+}
+
+fn create_firewall_options_loader<F>(url: AttrValue, transform_fn: F) -> ApiLoadCallback<Value>
+where
+ F: Fn(&mut serde_json::Map<String, Value>) + Clone + 'static,
+{
+ ApiLoadCallback::new(move || {
+ let url = url.clone();
+ let transform_fn = transform_fn.clone();
+ async move {
+ let mut resp = crate::http_get_full(url.to_string(), None).await?;
+ if let serde_json::Value::Object(ref mut map) = resp.data {
+ transform_fn(map);
+ }
+ Ok::<_, anyhow::Error>(resp)
+ }
+ })
+}
+
+async fn update_firewall_options(
+ form_ctx: FormContext,
+ url: AttrValue,
+ fields: &[&str],
+ transform_fn: Option<impl FnOnce(&mut serde_json::Map<String, Value>)>,
+) -> Result<(), Error> {
+ let mut data = form_ctx.get_submit_data();
+
+ if let (Some(transform), serde_json::Value::Object(ref mut map)) = (transform_fn, &mut data) {
+ transform(map);
+ }
+
+ let data = delete_empty_values(&data, fields, true);
+
+ crate::http_put(&url.to_string(), Some(data)).await
+}
+
+/// Properties for the firewall options edit form.
+///
+/// This component provides a form for editing firewall options at different
+/// levels: cluster, node, or guest (LXC/QEMU).
+#[derive(Clone, PartialEq, Properties)]
+#[builder]
+pub struct EditFirewallOptions {
+ /// The firewall context specifying which level to edit (cluster, node, or guest).
+ #[builder(IntoPropValue, into_prop_value)]
+ pub context: FirewallContext,
+
+ /// Callback invoked when the edit window is closed.
+ #[builder_cb(IntoEventCallback, into_event_callback, ())]
+ #[prop_or_default]
+ pub on_close: Option<Callback<()>>,
+}
+
+impl EditFirewallOptions {
+ /// Creates a new `EditFirewallOptions` for editing cluster-level firewall options.
+ ///
+ /// # Arguments
+ ///
+ /// * `remote` - The remote identifier for the PVE cluster.
+ pub fn cluster(remote: impl Into<AttrValue>) -> Self {
+ yew::props!(Self {
+ context: FirewallContext::cluster(remote),
+ })
+ }
+
+ /// Creates a new `EditFirewallOptions` for editing node-level firewall options.
+ ///
+ /// # Arguments
+ ///
+ /// * `remote` - The remote identifier for the PVE cluster.
+ /// * `node` - The node identifier.
+ pub fn node(remote: impl Into<AttrValue>, node: impl Into<AttrValue>) -> Self {
+ yew::props!(Self {
+ context: FirewallContext::node(remote, node),
+ })
+ }
+
+ /// Creates a new `EditFirewallOptions` for editing guest-level firewall options.
+ ///
+ /// # Arguments
+ ///
+ /// * `remote` - The remote identifier for the PVE cluster.
+ /// * `node` - The node identifier where the guest is located.
+ /// * `vmid` - The virtual machine ID.
+ /// * `vmtype` - The type of guest ("lxc" or "qemu").
+ pub fn guest(
+ remote: impl Into<AttrValue>,
+ node: impl Into<AttrValue>,
+ vmid: u64,
+ vmtype: impl Into<AttrValue>,
+ ) -> Self {
+ yew::props!(Self {
+ context: FirewallContext::guest(remote, node, vmid, vmtype),
+ })
+ }
+}
+
+/// Internal component that renders the firewall options edit form.
+///
+/// This component handles loading firewall options from the API and rendering
+/// the appropriate form based on the firewall context (cluster, node, or guest).
+pub struct ProxmoxEditFirewallOptions {
+ loader: Option<ApiLoadCallback<Value>>,
+}
+
+impl Component for ProxmoxEditFirewallOptions {
+ type Message = ();
+ type Properties = EditFirewallOptions;
+
+ fn create(ctx: &Context<Self>) -> Self {
+ let props = ctx.props();
+ let url: AttrValue = props.context.options_url().into();
+
+ let loader = if !url.is_empty() {
+ Some(create_firewall_options_loader(url, |map| {
+ // Convert enable field from u64 to bool for cluster firewall
+ if let Some(enable_num) = map.get("enable").and_then(|v| v.as_u64()) {
+ map.insert("enable".into(), serde_json::Value::Bool(enable_num != 0));
+ }
+ }))
+ } else {
+ None
+ };
+
+ Self { loader }
+ }
+
+ fn view(&self, ctx: &Context<Self>) -> Html {
+ let props = ctx.props();
+ let url: AttrValue = props.context.options_url().into();
+
+ type ContextConfig<'a> = (
+ String,
+ fn(&FormContext) -> Html,
+ &'a [&'a str],
+ Option<fn(&mut serde_json::Map<String, Value>)>,
+ );
+ let (title, renderer, fields, transform_fn): ContextConfig<'_> = match &props.context {
+ FirewallContext::Cluster { .. } => (
+ props.context.title(&tr!("Edit Cluster Firewall")),
+ edit_cluster_firewall_input_panel,
+ &[
+ "enable",
+ "ebtables",
+ "policy_in",
+ "policy_out",
+ "policy_forward",
+ "log_ratelimit",
+ ],
+ Some(|map: &mut serde_json::Map<String, Value>| {
+ if let Some(enable) = map.get("enable").and_then(|v| v.as_bool()) {
+ map.insert("enable".into(), Value::from(if enable { 1 } else { 0 }));
+ }
+ }),
+ ),
+ FirewallContext::Node { .. } => (
+ props.context.title(&tr!("Edit Node Firewall")),
+ edit_node_firewall_input_panel,
+ &[
+ "enable",
+ "nosmurfs",
+ "tcpflags",
+ "ndp",
+ "nf_conntrack_max",
+ "nf_conntrack_tcp_timeout_established",
+ "log_level_in",
+ "log_level_out",
+ "log_level_forward",
+ "tcp_flags_log_level",
+ "smurf_log_level",
+ "nftables",
+ ],
+ None,
+ ),
+ FirewallContext::Guest { .. } => (
+ props.context.title(&tr!("Edit Guest Firewall")),
+ edit_guest_firewall_input_panel,
+ &[
+ "enable",
+ "dhcp",
+ "ndp",
+ "radv",
+ "macfilter",
+ "ipfilter",
+ "log_level_in",
+ "log_level_out",
+ "policy_in",
+ "policy_out",
+ ],
+ None,
+ ),
+ };
+
+ EditWindow::new(title)
+ .loader(self.loader.clone())
+ .on_close(props.on_close.clone())
+ .on_done(props.on_close.clone())
+ .renderer(renderer)
+ .on_submit({
+ let url = url.clone();
+ move |form_ctx: FormContext| {
+ let url = url.clone();
+ let fields = fields.to_vec();
+ async move { update_firewall_options(form_ctx, url, &fields, transform_fn).await }
+ }
+ })
+ .into()
+ }
+}
+
+fn edit_cluster_firewall_input_panel(_form_ctx: &FormContext) -> Html {
+ InputPanel::new()
+ .padding(4)
+ .with_large_field(
+ tr!("Enable Firewall"),
+ Checkbox::new().name("enable").key("enable"),
+ )
+ .with_large_field(
+ tr!("Enable ebtables"),
+ Checkbox::new()
+ .name("ebtables")
+ .default(true)
+ .key("ebtables"),
+ )
+ .with_field(
+ tr!("Input Policy"),
+ Combobox::new()
+ .name("policy_in")
+ .key("policy_in")
+ .placeholder("DROP")
+ .items(enum_items_from_schema::<ClusterFirewallOptions>("policy_in").into()),
+ )
+ .with_field(
+ tr!("Output Policy"),
+ Combobox::new()
+ .name("policy_out")
+ .key("policy_out")
+ .placeholder("ACCEPT")
+ .items(enum_items_from_schema::<ClusterFirewallOptions>("policy_out").into()),
+ )
+ .with_field(
+ tr!("Forward Policy"),
+ Combobox::new()
+ .name("policy_forward")
+ .key("policy_forward")
+ .placeholder(placeholder_from_schema::<ClusterFirewallOptions>(
+ "policy_forward",
+ ))
+ .items(enum_items_from_schema::<ClusterFirewallOptions>("policy_forward").into()),
+ )
+ .with_large_field(
+ tr!("Log Rate Limiting"),
+ LogRatelimitField::new()
+ .name("log_ratelimit")
+ .key("log_ratelimit"),
+ )
+ .into()
+}
+
+impl From<EditFirewallOptions> for VNode {
+ fn from(val: EditFirewallOptions) -> Self {
+ let comp = VComp::new::<ProxmoxEditFirewallOptions>(Rc::new(val), None);
+ VNode::from(comp)
+ }
+}
+
+fn edit_guest_firewall_input_panel(_form_ctx: &FormContext) -> Html {
+ InputPanel::new()
+ .padding(4)
+ .with_field(
+ tr!("Enable Firewall"),
+ Checkbox::new().name("enable").key("enable"),
+ )
+ .with_right_field(
+ tr!("Enable DHCP"),
+ Checkbox::new().name("dhcp").default(true).key("dhcp"),
+ )
+ .with_field(
+ tr!("Enable NDP"),
+ Checkbox::new().name("ndp").default(true).key("ndp"),
+ )
+ .with_right_field(
+ tr!("Router Advertisement"),
+ Checkbox::new().name("radv").key("radv"),
+ )
+ .with_field(
+ tr!("MAC filter"),
+ Checkbox::new()
+ .name("macfilter")
+ .default(true)
+ .key("macfilter"),
+ )
+ .with_right_field(
+ tr!("IP filter"),
+ Checkbox::new().name("ipfilter").key("ipfilter"),
+ )
+ .with_field(
+ tr!("Log Level In"),
+ Combobox::new()
+ .name("log_level_in")
+ .key("log_level_in")
+ .placeholder(placeholder_from_schema::<GuestFirewallOptions>(
+ "log_level_in",
+ ))
+ .items(enum_items_from_schema::<GuestFirewallOptions>("log_level_in").into()),
+ )
+ .with_right_field(
+ tr!("Log Level Out"),
+ Combobox::new()
+ .name("log_level_out")
+ .key("log_level_out")
+ .placeholder(placeholder_from_schema::<GuestFirewallOptions>(
+ "log_level_out",
+ ))
+ .items(enum_items_from_schema::<GuestFirewallOptions>("log_level_out").into()),
+ )
+ .with_field(
+ tr!("Input Policy"),
+ Combobox::new()
+ .name("policy_in")
+ .key("policy_in")
+ .placeholder("DROP")
+ .items(enum_items_from_schema::<GuestFirewallOptions>("policy_in").into()),
+ )
+ .with_right_field(
+ tr!("Output Policy"),
+ Combobox::new()
+ .name("policy_out")
+ .key("policy_out")
+ .placeholder("ACCEPT")
+ .items(enum_items_from_schema::<GuestFirewallOptions>("policy_out").into()),
+ )
+ .into()
+}
+
+fn edit_node_firewall_input_panel(_form_ctx: &FormContext) -> Html {
+ InputPanel::new()
+ .padding(4)
+ .with_field(
+ tr!("Enable Firewall"),
+ Checkbox::new().name("enable").default(true).key("enable"),
+ )
+ .with_right_field(
+ tr!("SMURFS filter"),
+ Checkbox::new()
+ .name("nosmurfs")
+ .default(true)
+ .key("nosmurfs"),
+ )
+ .with_field(
+ tr!("TCP flags filter"),
+ Checkbox::new().name("tcpflags").key("tcpflags"),
+ )
+ .with_right_field(
+ tr!("Enable NDP"),
+ Checkbox::new().name("ndp").default(true).key("ndp"),
+ )
+ .with_field(
+ tr!("Connection Tracking Max"),
+ Number::<u64>::new()
+ .name("nf_conntrack_max")
+ .key("nf_conntrack_max")
+ .placeholder(placeholder_from_schema::<NodeFirewallOptions>(
+ "nf_conntrack_max",
+ )),
+ )
+ .with_right_field(
+ tr!("TCP Timeout Established"),
+ Number::<u64>::new()
+ .name("nf_conntrack_tcp_timeout_established")
+ .key("nf_conntrack_tcp_timeout_established")
+ .placeholder(placeholder_from_schema::<NodeFirewallOptions>(
+ "nf_conntrack_tcp_timeout_established",
+ )),
+ )
+ .with_field(
+ tr!("Log Level In"),
+ Combobox::new()
+ .name("log_level_in")
+ .key("log_level_in")
+ .placeholder(placeholder_from_schema::<NodeFirewallOptions>(
+ "log_level_in",
+ ))
+ .items(enum_items_from_schema::<NodeFirewallOptions>("log_level_in").into()),
+ )
+ .with_right_field(
+ tr!("Log Level Out"),
+ Combobox::new()
+ .name("log_level_out")
+ .key("log_level_out")
+ .placeholder(placeholder_from_schema::<NodeFirewallOptions>(
+ "log_level_out",
+ ))
+ .items(enum_items_from_schema::<NodeFirewallOptions>("log_level_out").into()),
+ )
+ .with_field(
+ tr!("Log Level Forward"),
+ Combobox::new()
+ .name("log_level_forward")
+ .key("log_level_forward")
+ .placeholder(placeholder_from_schema::<NodeFirewallOptions>(
+ "log_level_forward",
+ ))
+ .items(enum_items_from_schema::<NodeFirewallOptions>("log_level_forward").into()),
+ )
+ .with_right_field(
+ tr!("TCP Flags Log Level"),
+ Combobox::new()
+ .name("tcp_flags_log_level")
+ .key("tcp_flags_log_level")
+ .placeholder(placeholder_from_schema::<NodeFirewallOptions>(
+ "tcp_flags_log_level",
+ ))
+ .items(enum_items_from_schema::<NodeFirewallOptions>("tcp_flags_log_level").into()),
+ )
+ .with_field(
+ tr!("SMURF Log Level"),
+ Combobox::new()
+ .name("smurf_log_level")
+ .key("smurf_log_level")
+ .placeholder(placeholder_from_schema::<NodeFirewallOptions>(
+ "smurf_log_level",
+ ))
+ .items(enum_items_from_schema::<NodeFirewallOptions>("smurf_log_level").into()),
+ )
+ .with_right_field(
+ tr!("nftables (tech preview)"),
+ Checkbox::new().name("nftables").key("nftables"),
+ )
+ .into()
+}
diff --git a/src/lib.rs b/src/lib.rs
index 7731ce5..3d13b13 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -133,7 +133,7 @@ mod rrd_timeframe_selector;
pub use rrd_timeframe_selector::{RRDTimeframe, RRDTimeframeSelector};
mod firewall;
-pub use firewall::FirewallContext;
+pub use firewall::{EditFirewallOptions, FirewallContext};
mod running_tasks;
pub use running_tasks::{ProxmoxRunningTasks, RunningTasks};
--
2.47.3
_______________________________________________
pdm-devel mailing list
pdm-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel
next prev parent reply other threads:[~2025-11-10 17:25 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-10 17:25 [pdm-devel] [PATCH proxmox{, -yew-comp, -datacenter-manager} v3 00/12] add basic integration of PVE firewall Hannes Laimer
2025-11-10 17:25 ` [pdm-devel] [PATCH proxmox v3 1/4] pve-api-types: update pve-api.json Hannes Laimer
2025-11-10 17:25 ` [pdm-devel] [PATCH proxmox v3 2/4] pve-api-types: add get/update firewall options endpoints Hannes Laimer
2025-11-10 17:25 ` [pdm-devel] [PATCH proxmox v3 3/4] pve-api-types: add list firewall rules endpoints Hannes Laimer
2025-11-10 17:25 ` [pdm-devel] [PATCH proxmox v3 4/4] pve-api-types: regenerate Hannes Laimer
2025-11-10 17:25 ` [pdm-devel] [PATCH proxmox-yew-comp v3 1/4] form: add helpers for extractig data out of schemas Hannes Laimer
2025-11-10 17:25 ` [pdm-devel] [PATCH proxmox-yew-comp v3 2/4] firewall: add FirewallContext Hannes Laimer
2025-11-10 17:25 ` Hannes Laimer [this message]
2025-11-10 17:25 ` [pdm-devel] [PATCH proxmox-yew-comp v3 4/4] firewall: add rules table Hannes Laimer
2025-11-12 13:06 ` Stefan Hanreich
2025-11-10 17:25 ` [pdm-devel] [PATCH proxmox-datacenter-manager v3 1/4] pdm-api-types: add firewall status types Hannes Laimer
2025-11-10 17:25 ` [pdm-devel] [PATCH proxmox-datacenter-manager v3 2/4] api: firewall: add option, rules and status endpoints Hannes Laimer
2025-11-12 10:52 ` Stefan Hanreich
2025-11-12 11:09 ` Hannes Laimer
2025-11-12 11:22 ` Thomas Lamprecht
2025-11-12 11:27 ` Stefan Hanreich
2025-11-10 17:25 ` [pdm-devel] [PATCH proxmox-datacenter-manager v3 3/4] pdm-client: add api methods for firewall options, " Hannes Laimer
2025-11-10 17:25 ` [pdm-devel] [PATCH proxmox-datacenter-manager v3 4/4] ui: add firewall status tree Hannes Laimer
2025-11-12 11:21 ` Stefan Hanreich
2025-11-12 14:41 ` Lukas Wagner
2025-11-12 13:07 ` [pdm-devel] [PATCH proxmox{, -yew-comp, -datacenter-manager} v3 00/12] add basic integration of PVE firewall Stefan Hanreich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251110172517.335741-8-h.laimer@proxmox.com \
--to=h.laimer@proxmox.com \
--cc=pdm-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox