Enables us to use the new forward direction as an option when creating
or editing firewall rules. By introducing firewall_type we can switch
between the available directions depending on which ruleset is being
edited.
Signed-off-by: Stefan Hanreich <s.hanre...@proxmox.com>
---
www/manager6/dc/Config.js | 1 +
www/manager6/dc/SecurityGroups.js | 1 +
www/manager6/grid/FirewallRules.js | 32 +++++++++++++++++++++++++-----
www/manager6/lxc/Config.js | 1 +
www/manager6/node/Config.js | 1 +
www/manager6/qemu/Config.js | 1 +
6 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/www/manager6/dc/Config.js b/www/manager6/dc/Config.js
index ddbb58b12..720edefc6 100644
--- a/www/manager6/dc/Config.js
+++ b/www/manager6/dc/Config.js
@@ -241,6 +241,7 @@ Ext.define('PVE.dc.Config', {
list_refs_url: '/cluster/firewall/refs',
iconCls: 'fa fa-shield',
itemId: 'firewall',
+ firewall_type: 'dc',
},
{
xtype: 'pveFirewallOptions',
diff --git a/www/manager6/dc/SecurityGroups.js
b/www/manager6/dc/SecurityGroups.js
index 9e26b84c9..e7aa8081c 100644
--- a/www/manager6/dc/SecurityGroups.js
+++ b/www/manager6/dc/SecurityGroups.js
@@ -214,6 +214,7 @@ Ext.define('PVE.SecurityGroups', {
list_refs_url: '/cluster/firewall/refs',
tbar_prefix: '<b>' + gettext('Rules') + ':</b>',
border: false,
+ firewall_type: 'group',
},
{
xtype: 'pveSecurityGroupList',
diff --git a/www/manager6/grid/FirewallRules.js
b/www/manager6/grid/FirewallRules.js
index 11881bf79..5e7da2dda 100644
--- a/www/manager6/grid/FirewallRules.js
+++ b/www/manager6/grid/FirewallRules.js
@@ -147,6 +147,16 @@ let ICMPV6_TYPE_NAMES_STORE = Ext.create('Ext.data.Store',
{
],
});
+let DEFAULT_ALLOWED_DIRECTIONS = ['in', 'out'];
+
+let ALLOWED_DIRECTIONS = {
+ 'dc': ['in', 'out', 'forward'],
+ 'node': ['in', 'out', 'forward'],
+ 'group': ['in', 'out', 'forward'],
+ 'vm': ['in', 'out'],
+ 'vnet': ['forward'],
+};
+
Ext.define('PVE.FirewallRulePanel', {
extend: 'Proxmox.panel.InputPanel',
@@ -154,6 +164,8 @@ Ext.define('PVE.FirewallRulePanel', {
list_refs_url: undefined,
+ firewall_type: undefined,
+
onGetValues: function(values) {
var me = this;
@@ -178,6 +190,8 @@ Ext.define('PVE.FirewallRulePanel', {
throw "no list_refs_url specified";
}
+ let allowed_directions = ALLOWED_DIRECTIONS[me.firewall_type] ??
DEFAULT_ALLOWED_DIRECTIONS;
+
me.column1 = [
{
// hack: we use this field to mark the form 'dirty' when the
@@ -190,8 +204,8 @@ Ext.define('PVE.FirewallRulePanel', {
{
xtype: 'proxmoxKVComboBox',
name: 'type',
- value: 'in',
- comboItems: [['in', 'in'], ['out', 'out']],
+ value: allowed_directions[0],
+ comboItems: allowed_directions.map((dir) => [dir, dir]),
fieldLabel: gettext('Direction'),
allowBlank: false,
},
@@ -387,6 +401,8 @@ Ext.define('PVE.FirewallRuleEdit', {
allow_iface: false,
+ firewall_type: undefined,
+
initComponent: function() {
var me = this;
@@ -412,6 +428,7 @@ Ext.define('PVE.FirewallRuleEdit', {
list_refs_url: me.list_refs_url,
allow_iface: me.allow_iface,
rule_pos: me.rule_pos,
+ firewall_type: me.firewall_type,
});
Ext.apply(me, {
@@ -555,6 +572,8 @@ Ext.define('PVE.FirewallRules', {
allow_groups: true,
allow_iface: false,
+ firewall_type: undefined,
+
setBaseUrl: function(url) {
var me = this;
@@ -661,7 +680,7 @@ Ext.define('PVE.FirewallRules', {
var type = rec.data.type;
var editor;
- if (type === 'in' || type === 'out') {
+ if (type === 'in' || type === 'out' || type === 'forward') {
editor = 'PVE.FirewallRuleEdit';
} else if (type === 'group') {
editor = 'PVE.FirewallGroupRuleEdit';
@@ -670,6 +689,7 @@ Ext.define('PVE.FirewallRules', {
}
var win = Ext.create(editor, {
+ firewall_type: me.firewall_type,
digest: rec.data.digest,
allow_iface: me.allow_iface,
base_url: me.base_url,
@@ -694,6 +714,7 @@ Ext.define('PVE.FirewallRules', {
disabled: true,
handler: function() {
var win = Ext.create('PVE.FirewallRuleEdit', {
+ firewall_type: me.firewall_type,
allow_iface: me.allow_iface,
base_url: me.base_url,
list_refs_url: me.list_refs_url,
@@ -709,11 +730,12 @@ Ext.define('PVE.FirewallRules', {
return;
}
let type = rec.data.type;
- if (!(type === 'in' || type === 'out')) {
+ if (!(type === 'in' || type === 'out' || type === 'forward')) {
return;
}
let win = Ext.create('PVE.FirewallRuleEdit', {
+ firewall_type: me.firewall_type,
allow_iface: me.allow_iface,
base_url: me.base_url,
list_refs_url: me.list_refs_url,
@@ -726,7 +748,7 @@ Ext.define('PVE.FirewallRules', {
me.copyBtn = Ext.create('Proxmox.button.Button', {
text: gettext('Copy'),
selModel: sm,
- enableFn: ({ data }) => (data.type === 'in' || data.type === 'out')
&& me.canEdit,
+ enableFn: ({ data }) => (data.type === 'in' || data.type === 'out'
|| data.type === 'forward') && me.canEdit,
disabled: true,
handler: run_copy_editor,
});
diff --git a/www/manager6/lxc/Config.js b/www/manager6/lxc/Config.js
index d0e40fc46..77aefd713 100644
--- a/www/manager6/lxc/Config.js
+++ b/www/manager6/lxc/Config.js
@@ -316,6 +316,7 @@ Ext.define('PVE.lxc.Config', {
base_url: base_url + '/firewall/rules',
list_refs_url: base_url + '/firewall/refs',
itemId: 'firewall',
+ firewall_type: 'vm',
},
{
xtype: 'pveFirewallOptions',
diff --git a/www/manager6/node/Config.js b/www/manager6/node/Config.js
index d27592ce1..c242ba461 100644
--- a/www/manager6/node/Config.js
+++ b/www/manager6/node/Config.js
@@ -293,6 +293,7 @@ Ext.define('PVE.node.Config', {
base_url: '/nodes/' + nodename + '/firewall/rules',
list_refs_url: '/cluster/firewall/refs',
itemId: 'firewall',
+ firewall_type: 'node',
},
{
xtype: 'pveFirewallOptions',
diff --git a/www/manager6/qemu/Config.js b/www/manager6/qemu/Config.js
index f28ee67bb..adceae8fb 100644
--- a/www/manager6/qemu/Config.js
+++ b/www/manager6/qemu/Config.js
@@ -351,6 +351,7 @@ Ext.define('PVE.qemu.Config', {
base_url: base_url + '/firewall/rules',
list_refs_url: base_url + '/firewall/refs',
itemId: 'firewall',
+ firewall_type: 'vm',
},
{
xtype: 'pveFirewallOptions',
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
