use base qw(PVE::RESTHandler);
-my $api_properties = {
+my $api_properties = {
cidr => {
description => "Network/IP specification in CIDR format.",
- type => 'string', format => 'IPv4orCIDR',
+ type => 'string', format => 'IPorCIDRorAlias',
},
name => get_standard_option('ipset-name'),
comment => {
},
};
+sub lock_config {
+ my ($class, $param, $code) = @_;
+
+ die "implement this in subclass";
+}
+
sub load_config {
my ($class, $param) = @_;
die "implement this in subclass";
- #return ($fw_conf, $rules);
+ #return ($cluster_conf, $fw_conf, $ipset);
+}
+
+sub save_config {
+ my ($class, $param, $fw_conf) = @_;
+
+ die "implement this in subclass";
}
-sub save_rules {
- my ($class, $param, $fw_conf, $rules) = @_;
+sub rule_env {
+ my ($class, $param) = @_;
die "implement this in subclass";
}
+sub save_ipset {
+ my ($class, $param, $fw_conf, $ipset) = @_;
+
+ if (!defined($ipset)) {
+ delete $fw_conf->{ipset}->{$param->{name}};
+ } else {
+ $fw_conf->{ipset}->{$param->{name}} = $ipset;
+ }
+
+ $class->save_config($param, $fw_conf);
+}
+
my $additional_param_hash = {};
sub additional_parameters {
path => '',
method => 'GET',
description => "List IPSet content",
+ permissions => PVE::Firewall::rules_audit_permissions($class->rule_env()),
parameters => {
additionalProperties => 0,
properties => $properties,
type => 'boolean',
optional => 1,
},
- digest => get_standard_option('pve-config-digest', { optional => 0} ),
+ digest => get_standard_option('pve-config-digest', { optional => 0} ),
},
},
links => [ { rel => 'child', href => "{cidr}" } ],
code => sub {
my ($param) = @_;
- my ($fw_conf, $ipset) = $class->load_config($param);
+ my ($cluster_conf, $fw_conf, $ipset) = $class->load_config($param);
- my $digest = $fw_conf->{digest};
+ return PVE::Firewall::copy_list_with_digest($ipset);
+ }});
+}
- my $res = [];
- foreach my $entry (@$ipset) {
- my $data = {digest => $digest};
- foreach my $k (qw(cidr comment nomatch)) {
- $data->{$k} = $entry->{$k} if $entry->{$k};
- }
- push @$res, $data;
- }
+sub register_delete_ipset {
+ my ($class) = @_;
+
+ my $properties = $class->additional_parameters();
+
+ $properties->{name} = get_standard_option('ipset-name');
+ $properties->{force} = {
+ type => 'boolean',
+ optional => 1,
+ description => 'Delete all members of the IPSet, if there are any.',
+ };
- return $res;
+ $class->register_method({
+ name => 'delete_ipset',
+ path => '',
+ method => 'DELETE',
+ description => "Delete IPSet",
+ protected => 1,
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
+ parameters => {
+ additionalProperties => 0,
+ properties => $properties,
+ },
+ returns => { type => 'null' },
+ code => sub {
+ my ($param) = @_;
+
+ $class->lock_config($param, sub {
+ my ($param) = @_;
+
+ my ($cluster_conf, $fw_conf, $ipset) = $class->load_config($param);
+
+ die "IPSet '$param->{name}' is not empty\n"
+ if scalar(@$ipset) && !$param->{force};
+
+ $class->save_ipset($param, $fw_conf, undef);
+
+ });
+
+ return undef;
}});
}
method => 'POST',
description => "Add IP or Network to IPSet.",
protected => 1,
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
parameters => {
additionalProperties => 0,
properties => $properties,
code => sub {
my ($param) = @_;
- my ($fw_conf, $ipset) = $class->load_config($param);
+ $class->lock_config($param, sub {
+ my ($param) = @_;
+
+ my ($cluster_conf, $fw_conf, $ipset) = $class->load_config($param);
+
+ my $cidr = $param->{cidr};
+ if ($cidr =~ m@^(dc/|guest/)?(${PVE::Firewall::ip_alias_pattern})$@) {
+ my $scope = $1 // "";
+ my $alias = $2;
+ # make sure alias exists (if $cidr is an alias)
+ PVE::Firewall::resolve_alias($cluster_conf, $fw_conf, $alias, $scope);
+ } else {
+ $cidr = PVE::Firewall::clean_cidr($cidr);
+ # normalize like config parser, otherwise duplicates might slip through
+ $cidr = PVE::Firewall::parse_ip_or_cidr($cidr);
+ }
- my $cidr = $param->{cidr};
-
- foreach my $entry (@$ipset) {
- raise_param_exc({ cidr => "address '$cidr' already exists" })
- if $entry->{cidr} eq $cidr;
- }
+ foreach my $entry (@$ipset) {
+ raise_param_exc({ cidr => "address '$cidr' already exists" })
+ if $entry->{cidr} eq $cidr;
+ }
+
+ raise_param_exc({ cidr => "a zero prefix is not allowed in ipset entries" })
+ if $cidr =~ m!/0+$!;
+
+
+ my $data = { cidr => $cidr };
+
+ $data->{nomatch} = 1 if $param->{nomatch};
+ $data->{comment} = $param->{comment} if $param->{comment};
- my $data = { cidr => $cidr };
- $data->{nomatch} = 1 if $param->{nomatch};
- $data->{comment} = $param->{comment} if $param->{comment};
+ unshift @$ipset, $data;
- unshift @$ipset, $data;
+ $class->save_ipset($param, $fw_conf, $ipset);
- $class->save_ipset($param, $fw_conf, $ipset);
+ });
return undef;
}});
$properties->{name} = $api_properties->{name};
$properties->{cidr} = $api_properties->{cidr};
-
+
$class->register_method({
name => 'read_ip',
path => '{cidr}',
method => 'GET',
description => "Read IP or Network settings from IPSet.",
+ permissions => PVE::Firewall::rules_audit_permissions($class->rule_env()),
protected => 1,
parameters => {
additionalProperties => 0,
code => sub {
my ($param) = @_;
- my ($fw_conf, $ipset) = $class->load_config($param);
- my $digest = $fw_conf->{digest};
+ my ($cluster_conf, $fw_conf, $ipset) = $class->load_config($param);
+
+ my $list = PVE::Firewall::copy_list_with_digest($ipset);
- foreach my $entry (@$ipset) {
+ foreach my $entry (@$list) {
if ($entry->{cidr} eq $param->{cidr}) {
- $entry->{digest} = $digest;
return $entry;
}
}
method => 'PUT',
description => "Update IP or Network settings",
protected => 1,
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
parameters => {
additionalProperties => 0,
properties => $properties,
code => sub {
my ($param) = @_;
- my ($fw_conf, $ipset) = $class->load_config($param);
+ my $found = $class->lock_config($param, sub {
+ my ($param) = @_;
+
+ my ($cluster_conf, $fw_conf, $ipset) = $class->load_config($param);
- PVE::Tools::assert_if_modified($fw_conf->{digest}, $param->{digest});
+ my (undef, $digest) = PVE::Firewall::copy_list_with_digest($ipset);
+ PVE::Tools::assert_if_modified($digest, $param->{digest});
- foreach my $entry (@$ipset) {
- if($entry->{cidr} eq $param->{cidr}) {
- $entry->{nomatch} = $param->{nomatch};
- $entry->{comment} = $param->{comment};
- $class->save_ipset($param, $fw_conf, $ipset);
- return;
+ foreach my $entry (@$ipset) {
+ if($entry->{cidr} eq $param->{cidr}) {
+ $entry->{nomatch} = $param->{nomatch};
+ $entry->{comment} = $param->{comment};
+ $class->save_ipset($param, $fw_conf, $ipset);
+ return 1;
+ }
}
- }
+
+ return 0;
+ });
+
+ return if $found;
raise_param_exc({ cidr => "no such IP/Network" });
}});
method => 'DELETE',
description => "Remove IP or Network from IPSet.",
protected => 1,
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
parameters => {
additionalProperties => 0,
properties => $properties,
code => sub {
my ($param) = @_;
- my ($fw_conf, $ipset) = $class->load_config($param);
+ $class->lock_config($param, sub {
+ my ($param) = @_;
- PVE::Tools::assert_if_modified($fw_conf->{digest}, $param->{digest});
+ my ($cluster_conf, $fw_conf, $ipset) = $class->load_config($param);
- my $new = [];
-
- foreach my $entry (@$ipset) {
- push @$new, $entry if $entry->{cidr} ne $param->{cidr};
- }
+ my (undef, $digest) = PVE::Firewall::copy_list_with_digest($ipset);
+ PVE::Tools::assert_if_modified($digest, $param->{digest});
+
+ my $new = [];
+
+ foreach my $entry (@$ipset) {
+ push @$new, $entry if $entry->{cidr} ne $param->{cidr};
+ }
+
+ $class->save_ipset($param, $fw_conf, $new);
+ });
- $class->save_ipset($param, $fw_conf, $new);
-
return undef;
}});
}
sub register_handlers {
my ($class) = @_;
+ $class->register_delete_ipset();
$class->register_get_ipset();
$class->register_create_ip();
$class->register_read_ip();
use base qw(PVE::API2::Firewall::IPSetBase);
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'cluster';
+}
+
+sub lock_config {
+ my ($class, $param, $code) = @_;
+
+ PVE::Firewall::lock_clusterfw_conf(10, $code, $param);
+}
+
sub load_config {
my ($class, $param) = @_;
my $ipset = $fw_conf->{ipset}->{$param->{name}};
die "no such IPSet '$param->{name}'\n" if !defined($ipset);
- return ($fw_conf, $ipset);
+ return (undef, $fw_conf, $ipset);
}
-sub save_ipset {
- my ($class, $param, $fw_conf, $ipset) = @_;
+sub save_config {
+ my ($class, $param, $fw_conf) = @_;
- $fw_conf->{ipset}->{$param->{name}} = $ipset;
PVE::Firewall::save_clusterfw_conf($fw_conf);
}
__PACKAGE__->register_handlers();
+package PVE::API2::Firewall::VMIPset;
+
+use strict;
+use warnings;
+use PVE::JSONSchema qw(get_standard_option);
+
+use base qw(PVE::API2::Firewall::IPSetBase);
+
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'vm';
+}
+
+__PACKAGE__->additional_parameters({
+ node => get_standard_option('pve-node'),
+ vmid => get_standard_option('pve-vmid'),
+});
+
+sub lock_config {
+ my ($class, $param, $code) = @_;
+
+ PVE::Firewall::lock_vmfw_conf($param->{vmid}, 10, $code, $param);
+}
+
+sub load_config {
+ my ($class, $param) = @_;
+
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'vm', $param->{vmid});
+ my $ipset = $fw_conf->{ipset}->{$param->{name}};
+ die "no such IPSet '$param->{name}'\n" if !defined($ipset);
+
+ return ($cluster_conf, $fw_conf, $ipset);
+}
+
+sub save_config {
+ my ($class, $param, $fw_conf) = @_;
+
+ PVE::Firewall::save_vmfw_conf($param->{vmid}, $fw_conf);
+}
+
+__PACKAGE__->register_handlers();
+
+package PVE::API2::Firewall::CTIPset;
+
+use strict;
+use warnings;
+use PVE::JSONSchema qw(get_standard_option);
+
+use base qw(PVE::API2::Firewall::IPSetBase);
+
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'ct';
+}
+
+__PACKAGE__->additional_parameters({
+ node => get_standard_option('pve-node'),
+ vmid => get_standard_option('pve-vmid'),
+});
+
+sub lock_config {
+ my ($class, $param, $code) = @_;
+
+ PVE::Firewall::lock_vmfw_conf($param->{vmid}, 10, $code, $param);
+}
+
+sub load_config {
+ my ($class, $param) = @_;
+
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'ct', $param->{vmid});
+ my $ipset = $fw_conf->{ipset}->{$param->{name}};
+ die "no such IPSet '$param->{name}'\n" if !defined($ipset);
+
+ return ($cluster_conf, $fw_conf, $ipset);
+}
+
+sub save_config {
+ my ($class, $param, $fw_conf) = @_;
+
+ PVE::Firewall::save_vmfw_conf($param->{vmid}, $fw_conf);
+}
+
+__PACKAGE__->register_handlers();
+
package PVE::API2::Firewall::BaseIPSetList;
use strict;
use base qw(PVE::RESTHandler);
+sub lock_config {
+ my ($class, $param, $code) = @_;
+
+ die "implement this in subclass";
+}
+
+sub load_config {
+ my ($class, $param) = @_;
+
+ die "implement this in subclass";
+
+ #return ($cluster_conf, $fw_conf);
+}
+
+sub save_config {
+ my ($class, $param, $fw_conf) = @_;
+
+ die "implement this in subclass";
+}
+
+sub rule_env {
+ my ($class, $param) = @_;
+
+ die "implement this in subclass";
+}
+
+my $additional_param_hash_list = {};
+
+sub additional_parameters {
+ my ($class, $new_value) = @_;
+
+ if (defined($new_value)) {
+ $additional_param_hash_list->{$class} = $new_value;
+ }
+
+ # return a copy
+ my $copy = {};
+ my $org = $additional_param_hash_list->{$class} || {};
+ foreach my $p (keys %$org) { $copy->{$p} = $org->{$p}; }
+ return $copy;
+}
+
+my $get_ipset_list = sub {
+ my ($fw_conf) = @_;
+
+ my $res = [];
+ foreach my $name (sort keys %{$fw_conf->{ipset}}) {
+ my $data = {
+ name => $name,
+ };
+ if (my $comment = $fw_conf->{ipset_comments}->{$name}) {
+ $data->{comment} = $comment;
+ }
+ push @$res, $data;
+ }
+
+ my ($list, $digest) = PVE::Firewall::copy_list_with_digest($res);
+
+ return wantarray ? ($list, $digest) : $list;
+};
+
sub register_index {
my ($class) = @_;
+ my $properties = $class->additional_parameters();
+
$class->register_method({
name => 'ipset_index',
path => '',
method => 'GET',
description => "List IPSets",
+ permissions => PVE::Firewall::rules_audit_permissions($class->rule_env()),
parameters => {
additionalProperties => 0,
+ properties => $properties,
},
returns => {
type => 'array',
items => {
type => "object",
- properties => {
+ properties => {
name => get_standard_option('ipset-name'),
digest => get_standard_option('pve-config-digest', { optional => 0} ),
- comment => {
+ comment => {
type => 'string',
optional => 1,
}
},
code => sub {
my ($param) = @_;
-
- my $fw_conf = $class->load_config();
-
- my $digest = $fw_conf->{digest};
-
- my $res = [];
- foreach my $name (keys %{$fw_conf->{ipset}}) {
- my $data = {
- name => $name,
- digest => $digest,
- count => scalar(@{$fw_conf->{ipset}->{$name}})
- };
- if (my $comment = $fw_conf->{ipset_comments}->{$name}) {
- $data->{comment} = $comment;
- }
- push @$res, $data;
- }
- return $res;
+ my ($cluster_conf, $fw_conf) = $class->load_config($param);
+
+ return &$get_ipset_list($fw_conf);
}});
}
sub register_create {
my ($class) = @_;
+ my $properties = $class->additional_parameters();
+
+ $properties->{name} = get_standard_option('ipset-name');
+
+ $properties->{comment} = { type => 'string', optional => 1 };
+
+ $properties->{digest} = get_standard_option('pve-config-digest');
+
+ $properties->{rename} = get_standard_option('ipset-name', {
+ description => "Rename an existing IPSet. You can set 'rename' to the same value as 'name' to update the 'comment' of an existing IPSet.",
+ optional => 1 });
+
$class->register_method({
name => 'create_ipset',
path => '',
method => 'POST',
description => "Create new IPSet",
protected => 1,
+ permissions => PVE::Firewall::rules_modify_permissions($class->rule_env()),
parameters => {
additionalProperties => 0,
- properties => {
- name => get_standard_option('ipset-name'),
- comment => {
- type => 'string',
- optional => 1,
- },
- rename => get_standard_option('ipset-name', {
- description => "Rename an existing IPSet. You can set 'rename' to the same value as 'name' to update the 'comment' of an existing IPSet.",
- optional => 1,
- }),
- digest => get_standard_option('pve-config-digest'),
- }
+ properties => $properties,
},
returns => { type => 'null' },
code => sub {
my ($param) = @_;
-
- my $fw_conf = $class->load_config();
- my $digest = $fw_conf->{digest};
+ $class->lock_config($param, sub {
+ my ($param) = @_;
- PVE::Tools::assert_if_modified($digest, $param->{digest});
+ my ($cluster_conf, $fw_conf) = $class->load_config($param);
- if (!$param->{rename}) {
- foreach my $name (keys %{$fw_conf->{ipset}}) {
- raise_param_exc({ name => "IPSet '$name' already exists" })
- if $name eq $param->{name};
- }
- }
+ if ($param->{rename}) {
+ my (undef, $digest) = &$get_ipset_list($fw_conf);
+ PVE::Tools::assert_if_modified($digest, $param->{digest});
+
+ raise_param_exc({ name => "IPSet '$param->{rename}' does not exist" })
+ if !$fw_conf->{ipset}->{$param->{rename}};
+
+ # prevent overwriting existing ipset
+ raise_param_exc({ name => "IPSet '$param->{name}' does already exist"})
+ if $fw_conf->{ipset}->{$param->{name}} &&
+ $param->{name} ne $param->{rename};
+
+ my $data = delete $fw_conf->{ipset}->{$param->{rename}};
+ $fw_conf->{ipset}->{$param->{name}} = $data;
+ if (my $comment = delete $fw_conf->{ipset_comments}->{$param->{rename}}) {
+ $fw_conf->{ipset_comments}->{$param->{name}} = $comment;
+ }
+ $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
+ } else {
+ foreach my $name (keys %{$fw_conf->{ipset}}) {
+ raise_param_exc({ name => "IPSet '$name' already exists" })
+ if $name eq $param->{name};
+ }
- if ($param->{rename}) {
- raise_param_exc({ name => "IPSet '$param->{rename}' does not exists" })
- if !$fw_conf->{ipset}->{$param->{rename}};
- my $data = delete $fw_conf->{ipset}->{$param->{rename}};
- $fw_conf->{ipset}->{$param->{name}} = $data;
- if (my $comment = delete $fw_conf->{ipset_comments}->{$param->{rename}}) {
- $fw_conf->{ipset_comments}->{$param->{name}} = $comment;
+ $fw_conf->{ipset}->{$param->{name}} = [];
+ $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
}
- $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
- } else {
- $fw_conf->{ipset}->{$param->{name}} = [];
- $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment});
- }
- $class->save_config($fw_conf);
+ $class->save_config($param, $fw_conf);
+ });
return undef;
}});
}
-sub register_delete {
+sub register_handlers {
my ($class) = @_;
- $class->register_method({
- name => 'delete_ipset',
- path => '{name}',
- method => 'DELETE',
- description => "Delete IPSet",
- protected => 1,
- parameters => {
- additionalProperties => 0,
- properties => {
- name => get_standard_option('ipset-name'),
- digest => get_standard_option('pve-config-digest'),
- },
- },
- returns => { type => 'null' },
- code => sub {
- my ($param) = @_;
-
- my $fw_conf = $class->load_config();
+ $class->register_index();
+ $class->register_create();
+}
+
+package PVE::API2::Firewall::ClusterIPSetList;
- PVE::Tools::assert_if_modified($fw_conf->{digest}, $param->{digest});
+use strict;
+use warnings;
+use PVE::Firewall;
- return undef if !$fw_conf->{ipset}->{$param->{name}};
+use base qw(PVE::API2::Firewall::BaseIPSetList);
- die "IPSet '$param->{name}' is not empty\n"
- if scalar(@{$fw_conf->{ipset}->{$param->{name}}});
+sub rule_env {
+ my ($class, $param) = @_;
- delete $fw_conf->{ipset}->{$param->{name}};
+ return 'cluster';
+}
- $class->save_config($fw_conf);
+sub lock_config {
+ my ($class, $param, $code) = @_;
- return undef;
- }});
+ PVE::Firewall::lock_clusterfw_conf(10, $code, $param);
}
-sub register_handlers {
- my ($class) = @_;
+sub load_config {
+ my ($class, $param) = @_;
- $class->register_index();
- $class->register_create();
- $class->register_delete();
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ return (undef, $cluster_conf);
}
-package PVE::API2::Firewall::ClusterIPSetList;
+sub save_config {
+ my ($class, $param, $fw_conf) = @_;
+
+ PVE::Firewall::save_clusterfw_conf($fw_conf);
+}
+
+__PACKAGE__->register_handlers();
+
+__PACKAGE__->register_method ({
+ subclass => "PVE::API2::Firewall::ClusterIPset",
+ path => '{name}',
+ # set fragment delimiter (no subdirs) - we need that, because CIDR address contain a slash '/'
+ fragmentDelimiter => '',
+});
+
+package PVE::API2::Firewall::VMIPSetList;
use strict;
use warnings;
+use PVE::JSONSchema qw(get_standard_option);
use PVE::Firewall;
use base qw(PVE::API2::Firewall::BaseIPSetList);
+__PACKAGE__->additional_parameters({
+ node => get_standard_option('pve-node'),
+ vmid => get_standard_option('pve-vmid'),
+});
+
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'vm';
+}
+
+sub lock_config {
+ my ($class, $param, $code) = @_;
+
+ PVE::Firewall::lock_vmfw_conf($param->{vmid}, 10, $code, $param);
+}
+
sub load_config {
- my ($class) = @_;
-
- return PVE::Firewall::load_clusterfw_conf();
+ my ($class, $param) = @_;
+
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'vm', $param->{vmid});
+ return ($cluster_conf, $fw_conf);
}
sub save_config {
- my ($class, $fw_conf) = @_;
+ my ($class, $param, $fw_conf) = @_;
- PVE::Firewall::save_clusterfw_conf($fw_conf);
+ PVE::Firewall::save_vmfw_conf($param->{vmid}, $fw_conf);
+}
+
+__PACKAGE__->register_handlers();
+
+__PACKAGE__->register_method ({
+ subclass => "PVE::API2::Firewall::VMIPset",
+ path => '{name}',
+ # set fragment delimiter (no subdirs) - we need that, because CIDR address contain a slash '/'
+ fragmentDelimiter => '',
+});
+
+package PVE::API2::Firewall::CTIPSetList;
+
+use strict;
+use warnings;
+use PVE::JSONSchema qw(get_standard_option);
+use PVE::Firewall;
+
+use base qw(PVE::API2::Firewall::BaseIPSetList);
+
+__PACKAGE__->additional_parameters({
+ node => get_standard_option('pve-node'),
+ vmid => get_standard_option('pve-vmid'),
+});
+
+sub rule_env {
+ my ($class, $param) = @_;
+
+ return 'ct';
+}
+
+sub lock_config {
+ my ($class, $param, $code) = @_;
+
+ PVE::Firewall::lock_vmfw_conf($param->{vmid}, 10, $code, $param);
+}
+
+sub load_config {
+ my ($class, $param) = @_;
+
+ my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
+ my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'ct', $param->{vmid});
+ return ($cluster_conf, $fw_conf);
+}
+
+sub save_config {
+ my ($class, $param, $fw_conf) = @_;
+
+ PVE::Firewall::save_vmfw_conf($param->{vmid}, $fw_conf);
}
__PACKAGE__->register_handlers();
__PACKAGE__->register_method ({
- subclass => "PVE::API2::Firewall::ClusterIPset",
+ subclass => "PVE::API2::Firewall::CTIPset",
path => '{name}',
- # set fragment delimiter (no subdirs) - we need that, because CIDR address contain a slash '/'
- fragmentDelimiter => '',
+ # set fragment delimiter (no subdirs) - we need that, because CIDR address contain a slash '/'
+ fragmentDelimiter => '',
});
1;
projects / pve-firewall.git / blobdiff