+PVE::JSONSchema::register_format('pve-fw-port-spec', \&pve_fw_verify_port_spec);
+sub pve_fw_verify_port_spec {
+ my ($portstr) = @_;
+
+ parse_port_name_number_or_range($portstr);
+
+ return $portstr;
+}
+
+PVE::JSONSchema::register_format('pve-fw-v4addr-spec', \&pve_fw_verify_v4addr_spec);
+sub pve_fw_verify_v4addr_spec {
+ my ($list) = @_;
+
+ parse_address_list($list);
+
+ return $list;
+}
+
+PVE::JSONSchema::register_format('pve-fw-protocol-spec', \&pve_fw_verify_protocol_spec);
+sub pve_fw_verify_protocol_spec {
+ my ($proto) = @_;
+
+ my $protocols = get_etc_protocols();
+
+ die "unknown protocol '$proto'\n" if $proto &&
+ !(defined($protocols->{byname}->{$proto}) ||
+ defined($protocols->{byid}->{$proto}));
+
+ return $proto;
+}
+
+
+# helper function for API
+
+my $rule_properties = {
+ pos => {
+ description => "Update rule at position <pos>.",
+ type => 'integer',
+ minimum => 0,
+ optional => 1,
+ },
+ digest => {
+ type => 'string',
+ optional => 1,
+ maxLength => 27,
+ minLength => 27,
+ },
+ type => {
+ type => 'string',
+ optional => 1,
+ enum => ['in', 'out', 'group'],
+ },
+ action => {
+ type => 'string',
+ optional => 1,
+ enum => ['ACCEPT', 'DROP', 'REJECT'],
+ },
+ macro => {
+ type => 'string',
+ optional => 1,
+ maxLength => 128,
+ },
+ iface => get_standard_option('pve-iface', { optional => 1 }),
+ source => {
+ type => 'string', format => 'pve-fw-v4addr-spec',
+ optional => 1,
+ },
+ dest => {
+ type => 'string', format => 'pve-fw-v4addr-spec',
+ optional => 1,
+ },
+ proto => {
+ type => 'string', format => 'pve-fw-protocol-spec',
+ optional => 1,
+ },
+ enable => {
+ type => 'boolean',
+ optional => 1,
+ },
+ sport => {
+ type => 'string', format => 'pve-fw-port-spec',
+ optional => 1,
+ },
+ dport => {
+ type => 'string', format => 'pve-fw-port-spec',
+ optional => 1,
+ },
+ comment => {
+ type => 'string',
+ optional => 1,
+ },
+};
+
+sub cleanup_fw_rule {
+ my ($rule, $digest, $pos) = @_;
+
+ my $r = {};
+
+ foreach my $k (keys %$rule) {
+ next if !$rule_properties->{$k};
+ my $v = $rule->{$k};
+ next if !defined($v);
+ $r->{$k} = $v;
+ $r->{digest} = $digest;
+ $r->{pos} = $pos;
+ }
+
+ return $r;
+}
+
+sub add_rule_properties {
+ my ($properties) = @_;
+
+ foreach my $k (keys %$rule_properties) {
+ $properties->{$k} = $rule_properties->{$k};
+ }
+
+ return $properties;
+}
+
+sub copy_rule_data {
+ my ($rule, $param) = @_;
+
+ foreach my $k (keys %$rule_properties) {
+ if (defined(my $v = $param->{$k})) {
+ if ($v eq '' || $v eq '-') {
+ delete $rule->{$k};
+ } else {
+ $rule->{$k} = $v;
+ }
+ } else {
+ delete $rule->{$k};
+ }
+ }
+ return $rule;
+}
+
+# core functions