code => sub {
my ($param) = @_;
- my $groups_conf = PVE::Firewall::load_security_groups();
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
my $res = [];
- foreach my $group (keys %{$groups_conf->{rules}}) {
- push @$res, { name => $group, count => scalar(@{$groups_conf->{rules}->{$group}}) };
+ foreach my $group (keys %{$cluster_conf->{rules}}) {
+ push @$res, { name => $group, count => scalar(@{$cluster_conf->{rules}->{$group}}) };
}
return $res;
code => sub {
my ($param) = @_;
- my $groups_conf = PVE::Firewall::load_security_groups();
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
- my $rules = $groups_conf->{rules}->{$param->{group}};
+ my $rules = $cluster_conf->{rules}->{$param->{group}};
die "no such security group\n" if !defined($rules);
- my $digest = $groups_conf->{digest};
+ my $digest = $cluster_conf->{digest};
my $res = [];
code => sub {
my ($param) = @_;
- my $groups_conf = PVE::Firewall::load_security_groups();
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
- my $rules = $groups_conf->{rules}->{$param->{group}};
+ my $rules = $cluster_conf->{rules}->{$param->{group}};
die "no such security group\n" if !defined($rules);
- my $digest = $groups_conf->{digest};
+ my $digest = $cluster_conf->{digest};
# fixme: check digest
die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
code => sub {
my ($param) = @_;
- my $groups_conf = PVE::Firewall::load_security_groups();
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
- my $rules = $groups_conf->{rules}->{$param->{group}};
+ my $rules = $cluster_conf->{rules}->{$param->{group}};
die "no such security group\n" if !defined($rules);
- my $digest = $groups_conf->{digest};
+ my $digest = $cluster_conf->{digest};
my $rule = { type => 'out', action => 'ACCEPT', enable => 0};
unshift @$rules, $rule;
- PVE::Firewall::save_security_groups($groups_conf);
+ PVE::Firewall::save_clusterfw_conf($cluster_conf);
return undef;
}});
type => 'string',
},
moveto => {
- description => "Move rule to new position <moveto>.",
+ description => "Move rule to new position <moveto>. Other arguments are ignored.",
type => 'integer',
minimum => 0,
optional => 1,
code => sub {
my ($param) = @_;
- my $groups_conf = PVE::Firewall::load_security_groups();
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
- my $rules = $groups_conf->{rules}->{$param->{group}};
+ my $rules = $cluster_conf->{rules}->{$param->{group}};
die "no such security group\n" if !defined($rules);
- my $digest = $groups_conf->{digest};
+ my $digest = $cluster_conf->{digest};
# fixme: check digest
die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
my $rule = $rules->[$param->{pos}];
- PVE::Firewall::copy_rule_data($rule, $param);
-
my $moveto = $param->{moveto};
if (defined($moveto) && $moveto != $param->{pos}) {
my $newrules = [];
}
push @$newrules, $rule if $moveto >= scalar(@$rules);
- $groups_conf->{rules}->{$param->{group}} = $newrules;
- }
+ $cluster_conf->{rules}->{$param->{group}} = $newrules;
+ } else {
+ PVE::Firewall::copy_rule_data($rule, $param);
+ }
- PVE::Firewall::save_security_groups($groups_conf);
+ PVE::Firewall::save_clusterfw_conf($cluster_conf);
return undef;
}});
code => sub {
my ($param) = @_;
- my $groups_conf = PVE::Firewall::load_security_groups();
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
- my $rules = $groups_conf->{rules}->{$param->{group}};
+ my $rules = $cluster_conf->{rules}->{$param->{group}};
die "no such security group\n" if !defined($rules);
- my $digest = $groups_conf->{digest};
+ my $digest = $cluster_conf->{digest};
# fixme: check digest
die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules);
splice(@$rules, $param->{pos}, 1);
- PVE::Firewall::save_security_groups($groups_conf);
+ PVE::Firewall::save_clusterfw_conf($cluster_conf);
return undef;
}});