From c48819d1d92d01a0c697a14fac76ba910d35d042 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Fri, 1 Apr 2016 12:39:20 +0200
Subject: [PATCH] add auto-generated cluster firewall options

---
 Makefile                         |  6 +++++-
 gen-pve-firewall-cluster-opts.pl | 11 +++++++++++
 pve-firewall-cluster-opts.adoc   | 12 ++++++++++++
 pve-firewall.adoc                |  2 ++
 4 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100755 gen-pve-firewall-cluster-opts.pl
 create mode 100644 pve-firewall-cluster-opts.adoc

diff --git a/Makefile b/Makefile
index e7b9ad2..d22045c 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@ RELEASE=4.1
 PVESM_SOURCES=attributes.txt pvesm.adoc pvesm.1-synopsis.adoc $(shell ls pve-storage-*.adoc)
 PVEUM_SOURCES=attributes.txt pveum.adoc pveum.1-synopsis.adoc
 VZDUMP_SOURCES=attributes.txt vzdump.adoc vzdump.1-synopsis.adoc
-PVEFW_SOURCES=attributes.txt pve-firewall.adoc pve-firewall-rules-opts.adoc pve-firewall-macros.adoc pve-firewall.8-synopsis.adoc
+PVEFW_SOURCES=attributes.txt pve-firewall.adoc pve-firewall-rules-opts.adoc pve-firewall-cluster-opts.adoc pve-firewall-macros.adoc pve-firewall.8-synopsis.adoc
 QM_SOURCES=attributes.txt qm.adoc qm.1-synopsis.adoc
 PCT_SOURCES=attributes.txt pct.adoc pct.1-synopsis.adoc
 PVEAM_SOURCES=attributes.txt pveam.adoc pveam.1-synopsis.adoc
@@ -79,6 +79,10 @@ all: pve-admin-guide.html
 	asciidoc ${ADOC_MAN8_HTML_ARGS} -o $@ $*.adoc
 	test -z "$${NOVIEW}" && $(BROWSER) $@ &
 
+pve-firewall-cluster-opts.adoc:
+	./gen-pve-firewall-cluster-opts.pl >$@.tmp
+	mv $@.tmp $@
+
 pve-firewall-rules-opts.adoc:
 	./gen-pve-firewall-rules-opts-adoc.pl >$@.tmp
 	mv $@.tmp $@
diff --git a/gen-pve-firewall-cluster-opts.pl b/gen-pve-firewall-cluster-opts.pl
new file mode 100755
index 0000000..2d4a04c
--- /dev/null
+++ b/gen-pve-firewall-cluster-opts.pl
@@ -0,0 +1,11 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use PVE::Firewall;
+use PVE::RESTHandler;
+
+my $prop = $PVE::Firewall::cluster_option_properties;
+
+print PVE::RESTHandler::dump_properties($prop);
diff --git a/pve-firewall-cluster-opts.adoc b/pve-firewall-cluster-opts.adoc
new file mode 100644
index 0000000..0c87244
--- /dev/null
+++ b/pve-firewall-cluster-opts.adoc
@@ -0,0 +1,12 @@
+`enable`: `integer (0 - N)` ::
+
+Enable or disable the firewall cluster wide.
+
+`policy_in`: `(ACCEPT | DROP | REJECT)` ::
+
+Input policy.
+
+`policy_out`: `(ACCEPT | DROP | REJECT)` ::
+
+Output policy.
+
diff --git a/pve-firewall.adoc b/pve-firewall.adoc
index 1fc86a1..bb02365 100644
--- a/pve-firewall.adoc
+++ b/pve-firewall.adoc
@@ -93,6 +93,8 @@ The configuration can contain the following sections:
 
 This is used to set cluster wide firewall options.
 
+include::pve-firewall-cluster-opts.adoc[]
+
 NOTE: The firewall is completely disabled by default, so you need to
 set the enable option here:
 
-- 
2.39.2