add firewall rules option

2025-11-16 17:03:39 +07:00
parent 36fa9644b4
commit 1655151d29
3 changed files with 141 additions and 18 deletions
--- a/README.md
+++ b/README.md
@@ -10,7 +10,8 @@ Tool untuk membuat **template** di Proxmox menggunakan cloud image (Ubuntu, Debi
 - Support konfigurasi via CLI flags atau YAML file
 - Progress bar untuk download
 - **QEMU Guest Agent support** (auto-enable)
- **Firewall configuration** (enable/disable)
+- **Firewall configuration** (enable/disable + custom rules)
+- **Batch mode** untuk create multiple templates sekaligus

 ## Requirements

@@ -113,6 +114,17 @@ proxmox_user: "root@pam"
 proxmox_pass: ""
 guest_agent: true
 firewall: true
+firewall_rules:
+  - type: in
+    action: accept
+    protocol: tcp
+    dport: "22"
+    comment: "SSH"
+  - type: in
+    action: accept
+    protocol: tcp
+    dport: "80,443"
+    comment: "HTTP/HTTPS"
 ```

 ### Batch mode (multiple templates):
@@ -185,7 +197,8 @@ proxmox-cloud-image -batch batch.txt
 6. Setup cloud-init
 7. **Enable QEMU Guest Agent** (jika di-enable)
 8. **Enable Proxmox firewall** (jika di-enable)
-9. **Convert VM menjadi template** dengan `qm template`
+9. **Configure firewall rules** (jika ada rules yang di-define)
+10. **Convert VM menjadi template** dengan `qm template`

 ## QEMU Guest Agent

@@ -207,6 +220,44 @@ Proxmox firewall bisa di-enable untuk template dengan flag `-firewall` atau di c
 firewall: true
 ```

+### Firewall Rules
+
+Kamu juga bisa define firewall rules langsung di config file:
+
+```yaml
+firewall: true
+firewall_rules:
+  - type: in
+    action: accept
+    protocol: tcp
+    dport: "22"
+    comment: "SSH"
+  - type: in
+    action: accept
+    protocol: tcp
+    dport: "80,443"
+    comment: "HTTP/HTTPS"
+  - type: in
+    action: accept
+    protocol: icmp
+    comment: "ICMP/Ping"
+  - type: in
+    action: drop
+    comment: "Drop all other incoming"
+```
+
+**Firewall Rule Fields:**
+- `type`: `in` (incoming) atau `out` (outgoing)
+- `action`: `accept`, `drop`, atau `reject`
+- `protocol`: `tcp`, `udp`, `icmp`, dll (optional)
+- `dport`: destination port atau port range, contoh: `22`, `80,443`, `8000:9000` (optional)
+- `sport`: source port (optional)
+- `source`: source IP/CIDR, contoh: `192.168.1.0/24` (optional)
+- `dest`: destination IP/CIDR (optional)
+- `comment`: komentar untuk rule (optional)
+
+Rules akan ditulis ke `/etc/pve/firewall/<vmid>.fw` di Proxmox host.
+
 Firewall akan di-enable di network interface VM.

 ## Clone Template