[pve-devel] [PATCH pve-manager v4 13/18] firewall: add vnet to firewall options component

Fri, 15 Nov 2024 04:12:26 -0800 

Add the configuration options for vnet-level firewalls to the options
component. Additionally add the new policy_forward configuration
option to the datacenter-level firewall as well.

Signed-off-by: Stefan Hanreich <s.hanre...@proxmox.com>
Tested-by: Hannes Dürr <h.du...@proxmox.com>
---
 www/manager6/grid/FirewallOptions.js | 38 +++++++++++++++++++++++-----
 1 file changed, 32 insertions(+), 6 deletions(-)

diff --git a/www/manager6/grid/FirewallOptions.js 
b/www/manager6/grid/FirewallOptions.js
index 6aacb47be..fa482e0e4 100644
--- a/www/manager6/grid/FirewallOptions.js
+++ b/www/manager6/grid/FirewallOptions.js
@@ -2,7 +2,7 @@ Ext.define('PVE.FirewallOptions', {
     extend: 'Proxmox.grid.ObjectGrid',
     alias: ['widget.pveFirewallOptions'],
 
-    fwtype: undefined, // 'dc', 'node' or 'vm'
+    fwtype: undefined, // 'dc', 'node', 'vm' or 'vnet'
 
     base_url: undefined,
 
@@ -13,14 +13,14 @@ Ext.define('PVE.FirewallOptions', {
            throw "missing base_url configuration";
        }
 
-       if (me.fwtype === 'dc' || me.fwtype === 'node' || me.fwtype === 'vm') {
-           if (me.fwtype === 'node') {
-               me.cwidth1 = 250;
-           }
-       } else {
+       if (!['dc', 'node', 'vm', 'vnet'].includes(me.fwtype)) {
            throw "unknown firewall option type";
        }
 
+       if (me.fwtype === 'node') {
+           me.cwidth1 = 250;
+       }
+
        let caps = Ext.state.Manager.get('GuiCap');
        let canEdit = caps.vms['VM.Config.Network'] || caps.dc['Sys.Modify'] || 
caps.nodes['Sys.Modify'];
 
@@ -81,6 +81,7 @@ Ext.define('PVE.FirewallOptions', {
                            'nf_conntrack_tcp_timeout_established', 7875, 250);
            add_log_row('log_level_in');
            add_log_row('log_level_out');
+           add_log_row('log_level_forward');
            add_log_row('tcp_flags_log_level', 120);
            add_log_row('smurf_log_level');
            add_boolean_row('nftables', gettext('nftables (tech preview)'), 0);
@@ -114,6 +115,9 @@ Ext.define('PVE.FirewallOptions', {
                    defaultValue: 'enable=1',
                },
            };
+       } else if (me.fwtype === 'vnet') {
+           add_boolean_row('enable', gettext('Firewall'), 0);
+           add_log_row('log_level_forward');
        }
 
        if (me.fwtype === 'dc' || me.fwtype === 'vm') {
@@ -150,6 +154,28 @@ Ext.define('PVE.FirewallOptions', {
            };
        }
 
+       if (me.fwtype === 'vnet' || me.fwtype === 'dc') {
+           me.rows.policy_forward = {
+               header: gettext('Forward Policy'),
+               required: true,
+               defaultValue: 'ACCEPT',
+               editor: {
+                   xtype: 'proxmoxWindowEdit',
+                   subject: gettext('Forward Policy'),
+                   items: {
+                       xtype: 'pveFirewallPolicySelector',
+                       name: 'policy_forward',
+                       value: 'ACCEPT',
+                       fieldLabel: gettext('Forward Policy'),
+                       comboItems: [
+                           ['ACCEPT', 'ACCEPT'],
+                           ['DROP', 'DROP'],
+                       ],
+                   },
+               },
+           };
+       }
+
        var edit_btn = new Ext.Button({
            text: gettext('Edit'),
            disabled: true,
-- 
2.39.5


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to