return wantarray ? ($res, $digest) : $res;
}
+
+my $addr_list_descr = "This can refer to a single IP address, an IP set (`+ipsetname`) or an IP alias definition. You can also specify an address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks (entries are separated by ','). Please do not mix IPv4 and IPv6 addresses inside such lists.";
+
+my $port_descr = "You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with `\\d+:\\d+`, for example `80:85', and you can use comma separated list to match several ports or ranges.";
+
my $rule_properties = {
pos => {
description => "Update rule at position <pos>.",
optional => 1,
maxLength => 128,
},
- iface => get_standard_option('pve-iface', { optional => 1 }),
+ iface => get_standard_option('pve-iface', {
+ description => "Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.",
+ optional => 1
+ }),
source => {
+ description => "Restrict packet source address. $addr_list_descr",
type => 'string', format => 'pve-fw-addr-spec',
optional => 1,
},
dest => {
+ description => "Restrict packet destination address. $addr_list_descr",
type => 'string', format => 'pve-fw-addr-spec',
optional => 1,
},
proto => {
+ description => "IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers, as defined in '/etc/protocols'.",
type => 'string', format => 'pve-fw-protocol-spec',
optional => 1,
},
optional => 1,
},
sport => {
+ description => "Restrict TCP/UDP source port. $port_descr",
type => 'string', format => 'pve-fw-sport-spec',
optional => 1,
},
dport => {
+ description => "Restrict TCP/UDP destination port. $port_descr",
type => 'string', format => 'pve-fw-dport-spec',
optional => 1,
},
projects / pve-firewall.git / blobdiff