use PVE::JSONSchema qw(get_standard_option);
use PVE::Firewall;
+use PVE::API2::Firewall::Aliases;
use PVE::API2::Firewall::Rules;
use PVE::API2::Firewall::Groups;
use PVE::API2::Firewall::IPSet;
path => 'ipset',
});
+__PACKAGE__->register_method ({
+ subclass => "PVE::API2::Firewall::ClusterAliases",
+ path => 'aliases',
+});
+
+
__PACKAGE__->register_method({
name => 'index',
path => '',
my ($param) = @_;
my $result = [
+ { name => 'aliases' },
{ name => 'rules' },
{ name => 'options' },
{ name => 'groups' },
return $result;
}});
+my $option_properties = {
+ enable => {
+ type => 'boolean',
+ optional => 1,
+ },
+ policy_in => {
+ description => "Input policy.",
+ type => 'string',
+ optional => 1,
+ enum => ['ACCEPT', 'REJECT', 'DROP'],
+ },
+ policy_out => {
+ description => "Output policy.",
+ type => 'string',
+ optional => 1,
+ enum => ['ACCEPT', 'REJECT', 'DROP'],
+ },
+};
+
+my $add_option_properties = sub {
+ my ($properties) = @_;
+
+ foreach my $k (keys %$option_properties) {
+ $properties->{$k} = $option_properties->{$k};
+ }
+
+ return $properties;
+};
+
+
__PACKAGE__->register_method({
name => 'get_options',
path => 'options',
returns => {
type => "object",
#additionalProperties => 1,
- properties => {
- enable => {
- type => 'boolean',
- optional => 1,
- },
- },
+ properties => $option_properties,
},
code => sub {
my ($param) = @_;
my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
- my $options = $cluster_conf->{options};
-
- return $options;
+ return PVE::Firewall::copy_opject_with_digest($cluster_conf->{options});
}});
-my $option_properties = {
- enable => {
- type => 'boolean',
- optional => 1,
- },
-};
-
-my $add_option_properties = sub {
- my ($properties) = @_;
-
- foreach my $k (keys %$option_properties) {
- $properties->{$k} = $option_properties->{$k};
- }
-
- return $properties;
-};
__PACKAGE__->register_method({
name => 'set_options',
description => "A list of settings you want to delete.",
optional => 1,
},
+ digest => get_standard_option('pve-config-digest'),
}),
},
returns => { type => "null" },
my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my (undef, $digest) = PVE::Firewall::copy_opject_with_digest($cluster_conf->{options});
+ PVE::Tools::assert_if_modified($digest, $param->{digest});
+
if ($param->{delete}) {
foreach my $opt (PVE::Tools::split_list($param->{delete})) {
raise_param_exc({ delete => "no such option '$opt'" })
}
if (defined($param->{enable})) {
- $cluster_conf->{options}->{enable} = $param->{enable} ? 1 : 0;
+ $param->{enable} = $param->{enable} ? 1 : 0;
+ }
+
+ foreach my $k (keys %$option_properties) {
+ next if !defined($param->{$k});
+ $cluster_conf->{options}->{$k} = $param->{$k};
}
PVE::Firewall::save_clusterfw_conf($cluster_conf);