Firewall/Host: add permissions

[pve-firewall.git] / src / PVE / API2 / Firewall / Host.pm

diff --git a/src/PVE/API2/Firewall/Host.pm b/src/PVE/API2/Firewall/Host.pm
index d696455f58228d2f4883949f054ad0d0d024f68b..37a63b7035c28c0dbac7a0e5a99509d52cf4299d 100644 (file)
--- a/src/PVE/API2/Firewall/Host.pm
+++ b/src/PVE/API2/Firewall/Host.pm
@@ -73,16 +73,6 @@ my $option_properties = {
        type => 'boolean',
        optional => 1,
     },
-    allow_bridge_route => {
-       description => "Enable firewall when bridges contains IP address. The firewall is not fully functional in that case, so you need to enable that explicitly",
-       type => 'boolean',
-       optional => 1,
-    },
-    optimize => {
-       description => "Allow rules processing speed optimizations.",
-       type => 'boolean',
-       optional => 1,
-    },
     nf_conntrack_max => {
        description => "Maximum number of tracked connections.",
        type => 'integer',
@@ -114,6 +104,9 @@ __PACKAGE__->register_method({
     method => 'GET',
     description => "Get host firewall options.",
     proxyto => 'node',
+    permissions => {
+       check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
+    },
     parameters => {
        additionalProperties => 0,
        properties => {
@@ -140,6 +133,9 @@ __PACKAGE__->register_method({
     description => "Set Firewall options.",
     protected => 1,
     proxyto => 'node',
+    permissions => {
+       check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
+    },
     parameters => {
        additionalProperties => 0,
        properties => &$add_option_properties({