1/* 2Copyright (c) 2015 VMware, Inc. All Rights Reserved. 3 4Licensed under the Apache License, Version 2.0 (the "License"); 5you may not use this file except in compliance with the License. 6You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10Unless required by applicable law or agreed to in writing, software 11distributed under the License is distributed on an "AS IS" BASIS, 12WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13See the License for the specific language governing permissions and 14limitations under the License. 15*/ 16 17package firewall 18 19import ( 20 "context" 21 "flag" 22 "fmt" 23 "os" 24 25 "github.com/vmware/govmomi/govc/cli" 26 "github.com/vmware/govmomi/govc/flags" 27 "github.com/vmware/govmomi/govc/host/esxcli" 28 "github.com/vmware/govmomi/object" 29 "github.com/vmware/govmomi/vim25/types" 30) 31 32type find struct { 33 *flags.ClientFlag 34 *flags.OutputFlag 35 *flags.HostSystemFlag 36 37 enabled bool 38 check bool 39 40 types.HostFirewallRule 41} 42 43func init() { 44 cli.Register("firewall.ruleset.find", &find{}) 45} 46 47func (cmd *find) Register(ctx context.Context, f *flag.FlagSet) { 48 cmd.ClientFlag, ctx = flags.NewClientFlag(ctx) 49 cmd.ClientFlag.Register(ctx, f) 50 cmd.OutputFlag, ctx = flags.NewOutputFlag(ctx) 51 cmd.OutputFlag.Register(ctx, f) 52 cmd.HostSystemFlag, ctx = flags.NewHostSystemFlag(ctx) 53 cmd.HostSystemFlag.Register(ctx, f) 54 55 f.BoolVar(&cmd.check, "c", true, "Check if esx firewall is enabled") 56 f.BoolVar(&cmd.enabled, "enabled", true, "Find enabled rule sets if true, disabled if false") 57 f.StringVar((*string)(&cmd.Direction), "direction", string(types.HostFirewallRuleDirectionOutbound), "Direction") 58 f.StringVar((*string)(&cmd.PortType), "type", string(types.HostFirewallRulePortTypeDst), "Port type") 59 f.StringVar((*string)(&cmd.Protocol), "proto", string(types.HostFirewallRuleProtocolTcp), "Protocol") 60 f.Var(flags.NewInt32(&cmd.Port), "port", "Port") 61} 62 63func (cmd *find) Process(ctx context.Context) error { 64 if err := cmd.ClientFlag.Process(ctx); err != nil { 65 return err 66 } 67 if err := cmd.OutputFlag.Process(ctx); err != nil { 68 return err 69 } 70 if err := cmd.HostSystemFlag.Process(ctx); err != nil { 71 return err 72 } 73 return nil 74} 75 76func (cmd *find) Description() string { 77 return `Find firewall rulesets matching the given rule. 78 79For a complete list of rulesets: govc host.esxcli network firewall ruleset list 80For a complete list of rules: govc host.esxcli network firewall ruleset rule list 81 82Examples: 83 govc firewall.ruleset.find -direction inbound -port 22 84 govc firewall.ruleset.find -direction outbound -port 2377` 85} 86 87func (cmd *find) Run(ctx context.Context, f *flag.FlagSet) error { 88 host, err := cmd.HostSystem() 89 if err != nil { 90 return err 91 } 92 93 fs, err := host.ConfigManager().FirewallSystem(ctx) 94 if err != nil { 95 return err 96 } 97 98 if cmd.check { 99 esxfw, err := esxcli.GetFirewallInfo(host) 100 if err != nil { 101 return err 102 } 103 104 if !esxfw.Enabled { 105 fmt.Fprintln(os.Stderr, "host firewall is disabled") 106 } 107 } 108 109 info, err := fs.Info(ctx) 110 if err != nil { 111 return err 112 } 113 114 if f.NArg() != 0 { 115 // TODO: f.Args() -> types.HostFirewallRulesetIpList 116 return flag.ErrHelp 117 } 118 119 rs := object.HostFirewallRulesetList(info.Ruleset) 120 matched, err := rs.EnabledByRule(cmd.HostFirewallRule, cmd.enabled) 121 122 if err != nil { 123 return err 124 } 125 126 for _, r := range matched { 127 fmt.Println(r.Key) 128 } 129 130 return nil 131} 132