From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id ECD761FF163 for ; Thu, 10 Oct 2024 17:59:55 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 9B5EF1E8EF; Thu, 10 Oct 2024 17:57:36 +0200 (CEST) From: Stefan Hanreich To: pve-devel@lists.proxmox.com Date: Thu, 10 Oct 2024 17:56:45 +0200 Message-Id: <20241010155650.255698-13-s.hanreich@proxmox.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241010155650.255698-1-s.hanreich@proxmox.com> References: <20241010155650.255698-1-s.hanreich@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.255 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Subject: [pve-devel] [PATCH pve-manager v2 12/17] firewall: add forward direction to rule panel X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Enables us to use the new forward direction as an option when creating or editing firewall rules. By introducing firewall_type we can switch between the available directions depending on which ruleset is being edited. 
Signed-off-by: Stefan Hanreich
---
 www/manager6/dc/Config.js | 1 +
 www/manager6/dc/SecurityGroups.js | 1 +
 www/manager6/grid/FirewallRules.js | 32 +++++++++++++++++++++++++-----
 www/manager6/lxc/Config.js | 1 +
 www/manager6/node/Config.js | 1 +
 www/manager6/qemu/Config.js | 1 +
 6 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/www/manager6/dc/Config.js b/www/manager6/dc/Config.js
index ddbb58b12..720edefc6 100644
--- a/www/manager6/dc/Config.js
+++ b/www/manager6/dc/Config.js
@@ -241,6 +241,7 @@ Ext.define('PVE.dc.Config', {
 list_refs_url: '/cluster/firewall/refs',
 iconCls: 'fa fa-shield',
 itemId: 'firewall',
+ firewall_type: 'dc',
 },
 {
 xtype: 'pveFirewallOptions',
diff --git a/www/manager6/dc/SecurityGroups.js b/www/manager6/dc/SecurityGroups.js
index 9e26b84c9..e7aa8081c 100644
--- a/www/manager6/dc/SecurityGroups.js
+++ b/www/manager6/dc/SecurityGroups.js
@@ -214,6 +214,7 @@ Ext.define('PVE.SecurityGroups', {
 list_refs_url: '/cluster/firewall/refs',
 tbar_prefix: '' + gettext('Rules') + ':',
 border: false,
+ firewall_type: 'group',
 },
 {
 xtype: 'pveSecurityGroupList',
diff --git a/www/manager6/grid/FirewallRules.js b/www/manager6/grid/FirewallRules.js
index 11881bf79..5e7da2dda 100644
--- a/www/manager6/grid/FirewallRules.js
+++ b/www/manager6/grid/FirewallRules.js
@@ -147,6 +147,16 @@ let ICMPV6_TYPE_NAMES_STORE = Ext.create('Ext.data.Store', {
 ],
 });
+let DEFAULT_ALLOWED_DIRECTIONS = ['in', 'out'];
+
+let ALLOWED_DIRECTIONS = {
+ 'dc': ['in', 'out', 'forward'],
+ 'node': ['in', 'out', 'forward'],
+ 'group': ['in', 'out', 'forward'],
+ 'vm': ['in', 'out'],
+ 'vnet': ['forward'],
+};
+
 Ext.define('PVE.FirewallRulePanel', {
 extend: 'Proxmox.panel.InputPanel',
@@ -154,6 +164,8 @@ Ext.define('PVE.FirewallRulePanel', {
 list_refs_url: undefined,
+ firewall_type: undefined,
+
 onGetValues: function(values) {
 var me = this;
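Review bot: The `ALLOWED_DIRECTIONS` table added in the first www/manager6/grid/FirewallRules.js hunk (`@@ -147,6 +147,16 @@`) has no comment saying what its keys are or where the rule it encodes is enforced. The keys match the `firewall_type` values this patch sets on the dc, node, group and vm panels, while `'vnet'` has no caller in this patch and is presumably used later in the series. The table only decides what the Direction combo offers, so a header comment such as `// Directions offered per ruleset type (firewall_type). UI hint only: the API must still reject a direction that is invalid for the ruleset.` would keep a later reader from treating it as the enforcement point. Whether the backend applies the same mapping is not visible in this patch.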
@@ -178,6 +190,8 @@ Ext.define('PVE.FirewallRulePanel', {
 throw "no list_refs_url specified";
 }
+ let allowed_directions = ALLOWED_DIRECTIONS[me.firewall_type] ?? DEFAULT_ALLOWED_DIRECTIONS;
+
 me.column1 = [
 {
 // hack: we use this field to mark the form 'dirty' when the
@@ -190,8 +204,8 @@ Ext.define('PVE.FirewallRulePanel', {
 {
 xtype: 'proxmoxKVComboBox',
 name: 'type',
- value: 'in',
- comboItems: [['in', 'in'], ['out', 'out']],
+ value: allowed_directions[0],
+ comboItems: allowed_directions.map((dir) => [dir, dir]),
 fieldLabel: gettext('Direction'),
 allowBlank: false,
 },
@@ -387,6 +401,8 @@ Ext.define('PVE.FirewallRuleEdit', {
 allow_iface: false,
+ firewall_type: undefined,
+
 initComponent: function() {
 var me = this;
@@ -412,6 +428,7 @@ Ext.define('PVE.FirewallRuleEdit', {
 list_refs_url: me.list_refs_url,
 allow_iface: me.allow_iface,
 rule_pos: me.rule_pos,
+ firewall_type: me.firewall_type,
 });
 Ext.apply(me, {
@@ -555,6 +572,8 @@ Ext.define('PVE.FirewallRules', {
 allow_groups: true,
 allow_iface: false,
+ firewall_type: undefined,
+
 setBaseUrl: function(url) {
 var me = this;
@@ -661,7 +680,7 @@ Ext.define('PVE.FirewallRules', {
 var type = rec.data.type;
 var editor;
- if (type === 'in' || type === 'out') {
+ if (type === 'in' || type === 'out' || type === 'forward') {
 editor = 'PVE.FirewallRuleEdit';
 } else if (type === 'group') {
 editor = 'PVE.FirewallGroupRuleEdit';
@@ -670,6 +689,7 @@ Ext.define('PVE.FirewallRules', {
 }
 var win = Ext.create(editor, {
+ firewall_type: me.firewall_type,
 digest: rec.data.digest,
 allow_iface: me.allow_iface,
 base_url: me.base_url,
@@ -694,6 +714,7 @@ Ext.define('PVE.FirewallRules', {
 disabled: true,
 handler: function() {
 var win = Ext.create('PVE.FirewallRuleEdit', {
+ firewall_type: me.firewall_type,
 allow_iface: me.allow_iface,
 base_url: me.base_url,
 list_refs_url: me.list_refs_url,
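Review bot: In the `@@ -178,6 +190,8 @@` hunk the `?? DEFAULT_ALLOWED_DIRECTIONS` fallback treats an unset `firewall_type` and a misspelled one the same way, so a typo in a panel config silently produces an in/out-only editor instead of an error. The lookup is also made on a plain object literal, so a key such as `'constructor'` would return an inherited function rather than fall through to the default. Consider keeping the default only for `undefined` and failing loudly otherwise, in the style of the `throw "no list_refs_url specified"` just above: `if (me.firewall_type !== undefined && !Object.prototype.hasOwnProperty.call(ALLOWED_DIRECTIONS, me.firewall_type)) { throw "unknown firewall_type"; }`. The enclosing function starts and ends outside the hunk.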
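Review bot: The check `type === 'in' || type === 'out' || type === 'forward'` in the `@@ -661,7 +680,7 @@` hunk is now spelled out three times; the same list is repeated in `run_copy_editor` (`@@ -709,11 +730,12 @@`) and in the copy button's `enableFn` (`@@ -726,7 +748,7 @@`). The next direction added has to be remembered at all three sites, and a miss leaves a rule that is listed but cannot be edited or copied. A single helper next to `ALLOWED_DIRECTIONS`, for example `let isDirectionRule = (type) => ['in', 'out', 'forward'].includes(type);`, used in all three places would keep them in step. The enclosing handler bodies extend beyond these hunks.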
@@ -709,11 +730,12 @@ Ext.define('PVE.FirewallRules', {
 return;
 }
 let type = rec.data.type;
- if (!(type === 'in' || type === 'out')) {
+ if (!(type === 'in' || type === 'out' || type === 'forward')) {
 return;
 }
 let win = Ext.create('PVE.FirewallRuleEdit', {
+ firewall_type: me.firewall_type,
 allow_iface: me.allow_iface,
 base_url: me.base_url,
 list_refs_url: me.list_refs_url,
@@ -726,7 +748,7 @@ Ext.define('PVE.FirewallRules', {
 me.copyBtn = Ext.create('Proxmox.button.Button', {
 text: gettext('Copy'),
 selModel: sm,
- enableFn: ({ data }) => (data.type === 'in' || data.type === 'out') && me.canEdit,
+ enableFn: ({ data }) => (data.type === 'in' || data.type === 'out' || data.type === 'forward') && me.canEdit,
 disabled: true,
 handler: run_copy_editor,
 });
diff --git a/www/manager6/lxc/Config.js b/www/manager6/lxc/Config.js
index d0e40fc46..77aefd713 100644
--- a/www/manager6/lxc/Config.js
+++ b/www/manager6/lxc/Config.js
@@ -316,6 +316,7 @@ Ext.define('PVE.lxc.Config', {
 base_url: base_url + '/firewall/rules',
 list_refs_url: base_url + '/firewall/refs',
 itemId: 'firewall',
+ firewall_type: 'vm',
 },
 {
 xtype: 'pveFirewallOptions',
diff --git a/www/manager6/node/Config.js b/www/manager6/node/Config.js
index d27592ce1..c242ba461 100644
--- a/www/manager6/node/Config.js
+++ b/www/manager6/node/Config.js
@@ -293,6 +293,7 @@ Ext.define('PVE.node.Config', {
 base_url: '/nodes/' + nodename + '/firewall/rules',
 list_refs_url: '/cluster/firewall/refs',
 itemId: 'firewall',
+ firewall_type: 'node',
 },
 {
 xtype: 'pveFirewallOptions',
diff --git a/www/manager6/qemu/Config.js b/www/manager6/qemu/Config.js
index f28ee67bb..adceae8fb 100644
--- a/www/manager6/qemu/Config.js
+++ b/www/manager6/qemu/Config.js
@@ -351,6 +351,7 @@ Ext.define('PVE.qemu.Config', {
 base_url: base_url + '/firewall/rules',
 list_refs_url: base_url + '/firewall/refs',
 itemId: 'firewall',
+ firewall_type: 'vm',
 },
 {
 xtype: 'pveFirewallOptions',
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel