+sub save_security_groups {
+ my ($groups_conf) = @_;
+
+ my $raw = '';
+ my $filename = "/etc/pve/firewall/groups.fw";
+
+ foreach my $group (sort keys %{$groups_conf->{rules}}) {
+ my $rules = $groups_conf->{rules}->{$group};
+ $raw .= "[group $group]\n\n";
+
+ foreach my $rule (@$rules) {
+ if ($rule->{type} eq 'in' || $rule->{type} eq 'out') {
+ $raw .= '|' if defined($rule->{enable}) && !$rule->{enable};
+ $raw .= uc($rule->{type});
+ $raw .= " " . $rule->{action};
+ $raw .= " " . ($rule->{source} || '-');
+ $raw .= " " . ($rule->{dest} || '-');
+ $raw .= " " . ($rule->{proto} || '-');
+ $raw .= " " . ($rule->{dport} || '-');
+ $raw .= " " . ($rule->{sport} || '-');
+ $raw .= " # " . encode('utf8', $rule->{comment})
+ if $rule->{comment} && $rule->{comment} !~ m/^\s*$/;
+ $raw .= "\n";
+ } else {
+ die "implement me '$rule->{type}'";
+ }
+ }
+
+ $raw .= "\n";
+ }
+
+ PVE::Tools::file_set_contents($filename, $raw);
+}
+
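Review bot: The loop in save_security_groups appends `$group`, `action`, `source`, `dest`, `proto`, `dport`, `sport` and `comment` to a line-oriented file without checking any of them for whitespace or line breaks. A value containing `\n` (the comment test only rejects all-blank strings) would therefore be written to groups.fw as an extra rule line or `[group ...]` header. Whether callers already validate these fields is not visible in this hunk, so the writer should check them itself, for example `die "newline in rule comment\n" if ($rule->{comment} // '') =~ m/[\r\n]/;` before the comment is appended, with an equivalent `m/\s/` rejection for the group name and each space-separated field. Separately, `|| '-'` treats a literal `0` as unset; `// '-'` plus an explicit empty-string check would avoid silently widening a rule to "any".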