ipset: implement delete API, improve parameter verification

diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm
index e96efc01f22802710f8776089e3cb78763e3b47f..ec6e783d1ac9c6f127c8a09e811413c7c38f4924 100644 (file)
--- a/src/PVE/API2/Firewall/IPSet.pm
+++ b/src/PVE/API2/Firewall/IPSet.pm
@@ -2,6 +2,7 @@ package PVE::API2::Firewall::IPSetBase;
 
 use strict;
 use warnings;
+use PVE::Exception qw(raise raise_param_exc);
 use PVE::JSONSchema qw(get_standard_option);
 
 use PVE::Firewall;
@@ -128,12 +129,17 @@ sub register_add_ip {
 
            my ($fw_conf, $ipset) = $class->load_config($param);
 
-           my $data = { cidr => $param->{cidr} };
+           my $cidr = $param->{cidr};
+           
+           foreach my $entry (@$ipset) {
+               raise_param_exc({ cidr => "address '$cidr' already exists" }) 
+                   if $entry->{cidr} eq $cidr;
+           }
+
+           my $data = { cidr => $cidr };
            $data->{nomatch} = 1 if $param->{nomatch};
            $data->{comment} = $param->{comment} if $param->{comment};
 
-           # fixme: verify
-
            unshift @$ipset, $data;
 
            $class->save_ipset($param, $fw_conf, $ipset);
@@ -166,10 +172,14 @@ sub register_remove_ip {
 
            my ($fw_conf, $ipset) = $class->load_config($param);
 
-           die "implement me $param->{cidr}";
-
-           $class->save_ipset($param, $fw_conf, $ipset);
+           my $new = [];
+   
+           foreach my $entry (@$ipset) {
+               push @$new, $entry if $entry->{cidr} ne $param->{cidr};
+           }
 
+           $class->save_ipset($param, $fw_conf, $new);
+           
            return undef;
        }});
 }