From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 986341FF183 for ; Wed, 5 Nov 2025 17:36:58 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 3021A30A6; Wed, 5 Nov 2025 17:37:39 +0100 (CET) Message-ID: <883c134c-a8f5-4583-93cc-47fbaa9bfc97@proxmox.com> Date: Wed, 5 Nov 2025 17:37:34 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Hannes Laimer To: pdm-devel@lists.proxmox.com References: <20251030143406.193744-1-h.laimer@proxmox.com> Content-Language: en-US In-Reply-To: <20251030143406.193744-1-h.laimer@proxmox.com> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1762360636086 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.042 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pdm-devel] superseded: [PATCH proxmox{, -yew-comp, -datacenter-manager} 00/13] add basic integration of PVE firewall X-BeenThere: pdm-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Datacenter Manager development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Datacenter Manager development discussion Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: pdm-devel-bounces@lists.proxmox.com Sender: "pdm-devel" superseded-by: https://lore.proxmox.com/pdm-devel/20251105163546.450094-1-h.laimer@proxmox.com/T/#t On 10/30/25 15:34, Hannes Laimer wrote: > This adds a basic UI for displaying the status of the firewall on remotes, > nodes and guests in a tree. Status includes whether the firewall is > enabled and the count of enabled rules. These rules are also shown in a > panel once an enetity in the tree is selected. Firewall options can be > edited, most useful is probably enable/disable, but generally all > options are exposed(since we had the types anyway). > > Generally loading the status involves 2 requests per entity, so the PDM > server has to do quite a bit of work collecting all the relevant data. > That is the reason we have multiple status endpoints > - for all pve remotes > - for a specific remote > - for a specific node > a bit more context on the commit adding these endpoints. With these we > can limit the number of requests the PDM potentially has to do. In this > context a cache could also make sense, should be somewhat straight > forward integrating something like Dominik proposed in [1]. But since > these are configs, caches would have to be really short lived, but still, > they could help with different useres requesting the same data at close > to the same time. > > Firewall options edit form and the firewall rules tables were added to > yew-comp as they are not necesarrily PDM specific. I tried having them > in a way so it would not be too complicated reusing them in other places > at some point. > > This also includes an updated pve-api.json, some api endpoint specs did > require minor adjustments so they'd work with the type generator. This > includes the not yet applied changes in [2]. This also needs [3] to be > present. Generally this is build with the latest master of > proxmox-yew-comp and proxmox-yew-widget-toolkit. > > Notes: node or guest firewalls could be enabled, but end up being masked > by the cluster setting. I tried visualizing that by having the checkmark > normal if masked and green if not. > > [1] https://lore.proxmox.com/pdm-devel/20251017120315.2723235-1-d.csapak@proxmox.com/ > [2] https://lore.proxmox.com/pve-devel/20251023141546.105302-1-h.laimer@proxmox.com/T/#u > [3] https://lore.proxmox.com/yew-devel/20251029173528.378487-1-h.laimer@proxmox.com/T/#u > > > proxmox: > > Hannes Laimer (5): > pve-api-types: update pve-api.json > pve-api-types: add get/update firewall options endpoints > pve-api-types: schema2rust: handle `macro` keyword like we do `type` > pve-api-types: add list firewall rules endpoints > pve-api-types: regenerate > > pve-api-types/generate.pl | 54 + > pve-api-types/generator-lib/Schema2Rust.pm | 7 +- > pve-api-types/pve-api.json | 377 +----- > pve-api-types/src/generated/code.rs | 206 ++- > pve-api-types/src/generated/types.rs | 1364 +++++++++++++++++++- > 5 files changed, 1593 insertions(+), 415 deletions(-) > > > proxmox-yew-comp: > > Hannes Laimer (4): > form: add helpers for extractig data out of schemas > firewall: add FirewallContext > firewall: add options edit form > firewall: add rules table > > src/firewall/context.rs | 142 ++++++++++ > src/firewall/log_ratelimit_field.rs | 310 +++++++++++++++++++++ > src/firewall/mod.rs | 11 + > src/firewall/options_edit.rs | 404 ++++++++++++++++++++++++++++ > src/firewall/rules.rs | 217 +++++++++++++++ > src/form/mod.rs | 70 +++++ > src/lib.rs | 3 + > 7 files changed, 1157 insertions(+) > create mode 100644 src/firewall/context.rs > create mode 100644 src/firewall/log_ratelimit_field.rs > create mode 100644 src/firewall/mod.rs > create mode 100644 src/firewall/options_edit.rs > create mode 100644 src/firewall/rules.rs > > > proxmox-datacenter-manager: > > Hannes Laimer (4): > pdm-api-types: add firewall status types > api: firewall: add option, rules and status endpoints > pdm-client: add api methods for firewall options, rules and status > endpoints > ui: add firewall status tree > > lib/pdm-api-types/src/firewall.rs | 171 ++++++ > lib/pdm-api-types/src/lib.rs | 2 + > lib/pdm-client/src/lib.rs | 133 +++++ > server/src/api/pve/firewall.rs | 756 ++++++++++++++++++++++++++ > server/src/api/pve/lxc.rs | 1 + > server/src/api/pve/mod.rs | 3 + > server/src/api/pve/node.rs | 1 + > server/src/api/pve/qemu.rs | 1 + > ui/src/remotes/firewall/columns.rs | 150 +++++ > ui/src/remotes/firewall/mod.rs | 30 + > ui/src/remotes/firewall/tree.rs | 634 +++++++++++++++++++++ > ui/src/remotes/firewall/types.rs | 284 ++++++++++ > ui/src/remotes/firewall/ui_helpers.rs | 156 ++++++ > ui/src/remotes/mod.rs | 10 + > 14 files changed, 2332 insertions(+) > create mode 100644 lib/pdm-api-types/src/firewall.rs > create mode 100644 server/src/api/pve/firewall.rs > create mode 100644 ui/src/remotes/firewall/columns.rs > create mode 100644 ui/src/remotes/firewall/mod.rs > create mode 100644 ui/src/remotes/firewall/tree.rs > create mode 100644 ui/src/remotes/firewall/types.rs > create mode 100644 ui/src/remotes/firewall/ui_helpers.rs > > > Summary over all repositories: > 26 files changed, 5082 insertions(+), 415 deletions(-) > _______________________________________________ pdm-devel mailing list pdm-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel