package main

import (
	"errors"
	"fmt"
	"isle/daemon/daecommon"
)

// vpnFirewallConfigChangeStagerName is the key under which a pending firewall
// configuration is looked up in the change stager.
const vpnFirewallConfigChangeStagerName = "vpn-firewall-config"

// firewallRuleView is the display form of a single firewall rule: the rule
// itself plus its position within the list it was taken from.
type firewallRuleView struct {
	// Index is the rule's zero-based position in its source slice.
	Index int `yaml:"index"`

	// The rule is embedded and tagged inline, so in YAML its fields sit next
	// to "index" rather than under a nested key.
	daecommon.ConfigFirewallRule `yaml:",inline"`
}

// newFirewallRuleViews wraps each rule in a firewallRuleView, preserving
// order. The result is always non-nil, even when rules is empty or nil.
func newFirewallRuleViews(
	rules []daecommon.ConfigFirewallRule,
) []firewallRuleView {
	// Start from an allocated (non-nil) slice so an empty rule set stays an
	// empty list rather than becoming nil.
	out := make([]firewallRuleView, 0, len(rules))
	for idx, rule := range rules {
		out = append(out, firewallRuleView{
			Index:              idx,
			ConfigFirewallRule: rule,
		})
	}
	return out
}

// firewallView is the display form of a whole firewall configuration, with
// outbound and inbound rules indexed independently of each other.
type firewallView struct {
	Outbound []firewallRuleView `yaml:"outbound"`
	Inbound  []firewallRuleView `yaml:"inbound"`
}

// newFirewallView converts a firewall configuration into its display form.
func newFirewallView(firewallConfig daecommon.ConfigFirewall) firewallView {
	var view firewallView
	view.Outbound = newFirewallRuleViews(firewallConfig.Outbound)
	view.Inbound = newFirewallRuleViews(firewallConfig.Inbound)
	return view
}

// subCmdVPNFirewallList prints the firewall rules.
//
// By default the rules are read from the configuration returned by the
// daemon's GetConfig RPC. With --staged they are read from the change stager
// instead, and the command fails if nothing has been staged.
//
// NOTE(review): the --staged output comes only from the change stager;
// presumably it describes rules that are not yet in effect, so it should not
// be read as the firewall the daemon is currently using. Confirm against the
// change stager's semantics.
var subCmdVPNFirewallList = subCmd{
	name:  "list",
	descr: "List all currently configured firewall rules",
	do: doWithOutput(func(ctx subCmdCtx) (any, error) {
		staged := ctx.flags.Bool(
			"staged",
			false,
			"Return the firewall configuration with staged changes included",
		)

		ctx, err := ctx.withParsedFlags()
		if err != nil {
			return nil, fmt.Errorf("parsing flags: %w", err)
		}

		if *staged {
			// Staged view: the daemon is not consulted on this path.
			var stagedConfig daecommon.ConfigFirewall
			found, err := ctx.opts.changeStager.get(
				&stagedConfig, vpnFirewallConfigChangeStagerName,
			)
			if err != nil {
				return nil, fmt.Errorf("checking for staged changes: %w", err)
			}
			if !found {
				return nil, errors.New("no firewall configuration changes have been staged")
			}
			return newFirewallView(stagedConfig), nil
		}

		// Default view: the configuration as reported by the daemon.
		config, err := ctx.getDaemonRPC().GetConfig(ctx)
		if err != nil {
			return nil, fmt.Errorf("getting network config: %w", err)
		}
		return newFirewallView(config.VPN.Firewall), nil
	}),
}

// subCmdVPNFirewall groups the firewall-related sub-commands; "list" is the
// only one registered here.
var subCmdVPNFirewall = subCmd{
	name:  "firewall",
	descr: "Sub-commands related to this host's VPN firewall",
	do: func(ctx subCmdCtx) error {
		return ctx.doSubCmd(subCmdVPNFirewallList)
	},
}