From 4a11bba5c927890d8d09a7ff8f3539155bad1ce7 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Mon, 7 Apr 2014 12:44:22 +0200
Subject: [PATCH] ipset: implement delete API, improve parameter verification

---
 src/PVE/API2/Firewall/IPSet.pm | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm
index e96efc0..ec6e783 100644
--- a/src/PVE/API2/Firewall/IPSet.pm
+++ b/src/PVE/API2/Firewall/IPSet.pm
@@ -2,6 +2,7 @@ package PVE::API2::Firewall::IPSetBase;
 
 use strict;
 use warnings;
+use PVE::Exception qw(raise raise_param_exc);
 use PVE::JSONSchema qw(get_standard_option);
 
 use PVE::Firewall;
@@ -128,12 +129,17 @@ sub register_add_ip {
 
 	    my ($fw_conf, $ipset) = $class->load_config($param);
 
-	    my $data = { cidr => $param->{cidr} };
+	    my $cidr = $param->{cidr};
+	    
+	    foreach my $entry (@$ipset) {
+		raise_param_exc({ cidr => "address '$cidr' already exists" }) 
+		    if $entry->{cidr} eq $cidr;
+	    }
+
+	    my $data = { cidr => $cidr };
 	    $data->{nomatch} = 1 if $param->{nomatch};
 	    $data->{comment} = $param->{comment} if $param->{comment};
 
-	    # fixme: verify
-
 	    unshift @$ipset, $data;
 
 	    $class->save_ipset($param, $fw_conf, $ipset);
@@ -166,10 +172,14 @@ sub register_remove_ip {
 
 	    my ($fw_conf, $ipset) = $class->load_config($param);
 
-	    die "implement me $param->{cidr}";
-
-	    $class->save_ipset($param, $fw_conf, $ipset);
+	    my $new = [];
+   
+	    foreach my $entry (@$ipset) {
+		push @$new, $entry if $entry->{cidr} ne $param->{cidr};
+	    }
 
+	    $class->save_ipset($param, $fw_conf, $new);
+	    
 	    return undef;
 	}});
 }
-- 
2.39.2