ref => {
type => 'string',
},
+ scope => {
+ type => 'string',
+ },
comment => {
type => 'string',
optional => 1,
my $conf = PVE::Firewall::load_clusterfw_conf();
- my $res = [];
-
- if (!$param->{type} || $param->{type} eq 'ipset') {
- foreach my $name (keys %{$conf->{ipset}}) {
- my $data = {
- type => 'ipset',
- name => $name,
- ref => "+$name",
- };
- if (my $comment = $conf->{ipset_comments}->{$name}) {
- $data->{comment} = $comment;
- }
- push @$res, $data;
- }
- }
-
- if (!$param->{type} || $param->{type} eq 'alias') {
- foreach my $name (keys %{$conf->{aliases}}) {
- my $e = $conf->{aliases}->{$name};
- my $data = {
- type => 'alias',
- name => $name,
- ref => $name,
- };
- $data->{comment} = $e->{comment} if $e->{comment};
- push @$res, $data;
- }
- }
-
- return $res;
+ return PVE::Firewall::Helpers::collect_refs($conf, $param->{type}, "dc");
}});
1;
name => {
type => 'string',
},
+ ref => {
+ type => 'string',
+ },
+ scope => {
+ type => 'string',
+ },
comment => {
type => 'string',
optional => 1,
my $cluster_conf = PVE::Firewall::load_clusterfw_conf();
my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, $rule_env, $param->{vmid});
- my $ipsets = {};
- my $aliases = {};
-
- foreach my $conf (($cluster_conf, $fw_conf)) {
- next if !$conf;
- if (!$param->{type} || $param->{type} eq 'ipset') {
- foreach my $name (keys %{$conf->{ipset}}) {
- my $data = {
- type => 'ipset',
- name => $name,
- ref => "+$name",
- };
- if (my $comment = $conf->{ipset_comments}->{$name}) {
- $data->{comment} = $comment;
- }
- $ipsets->{$name} = $data;
- }
- }
-
- if (!$param->{type} || $param->{type} eq 'alias') {
- foreach my $name (keys %{$conf->{aliases}}) {
- my $e = $conf->{aliases}->{$name};
- my $data = {
- type => 'alias',
- name => $name,
- ref => $name,
- };
- $data->{comment} = $e->{comment} if $e->{comment};
- $aliases->{$name} = $data;
- }
- }
- }
-
- my $res = [];
- foreach my $e (values %$ipsets) { push @$res, $e; };
- foreach my $e (values %$aliases) { push @$res, $e; };
+ my $dc_refs = PVE::Firewall::Helpers::collect_refs($cluster_conf, $param->{type}, 'dc');
+ my $vm_refs = PVE::Firewall::Helpers::collect_refs($fw_conf, $param->{type}, 'guest');
- return $res;
+ return [@$dc_refs, @$vm_refs];
}});
}
lock_vmfw_conf
remove_vmfw_conf
clone_vmfw_conf
+collect_refs
);
my $pvefw_conf_dir = "/etc/pve/firewall";
return ($state{'count'}, $state{'lines'});
}
+sub collect_refs {
+ my ($conf, $type, $scope) = @_;
+
+
+ my $res = [];
+
+ if (!$type || $type eq 'ipset') {
+ foreach my $name (keys %{$conf->{ipset}}) {
+ my $data = {
+ type => 'ipset',
+ name => $name,
+ ref => "+$name",
+ scope => $scope,
+ };
+ if (my $comment = $conf->{ipset_comments}->{$name}) {
+ $data->{comment} = $comment;
+ }
+ push @$res, $data;
+ }
+ }
+
+ if (!$type || $type eq 'alias') {
+ foreach my $name (keys %{$conf->{aliases}}) {
+ my $e = $conf->{aliases}->{$name};
+ my $data = {
+ type => 'alias',
+ name => $name,
+ ref => $name,
+ scope => $scope,
+ };
+ $data->{comment} = $e->{comment} if $e->{comment};
+ push @$res, $data;
+ }
+ }
+
+ return $res;
+}
+
1;