Extracted form perl api.
Signed-off-by: Dietmar Maurer <[email protected]>
---
.../src/guest_options.rs | 97 +++++++++++++++++++
proxmox-firewall-api-types/src/lib.rs | 3 +
2 files changed, 100 insertions(+)
create mode 100644 proxmox-firewall-api-types/src/guest_options.rs
diff --git a/proxmox-firewall-api-types/src/guest_options.rs
b/proxmox-firewall-api-types/src/guest_options.rs
new file mode 100644
index 00000000..3c2dd774
--- /dev/null
+++ b/proxmox-firewall-api-types/src/guest_options.rs
@@ -0,0 +1,97 @@
+use proxmox_schema::api;
+
+use super::{FirewallIOPolicy, FirewallLogLevel};
+
+#[api(
+ properties: {
+ dhcp: {
+ default: false,
+ optional: true,
+ },
+ enable: {
+ default: false,
+ optional: true,
+ },
+ ipfilter: {
+ default: false,
+ optional: true,
+ },
+ log_level_in: {
+ optional: true,
+ type: FirewallLogLevel,
+ },
+ log_level_out: {
+ optional: true,
+ type: FirewallLogLevel,
+ },
+ macfilter: {
+ default: true,
+ optional: true,
+ },
+ ndp: {
+ default: true,
+ optional: true,
+ },
+ policy_in: {
+ optional: true,
+ type: FirewallIOPolicy,
+ },
+ policy_out: {
+ optional: true,
+ type: FirewallIOPolicy,
+ },
+ radv: {
+ default: false,
+ optional: true,
+ },
+ },
+)]
+/// Guest Firewall Options
+#[derive(Debug, serde::Deserialize, serde::Serialize)]
+pub struct FirewallGuestOptions {
+ /// Enable DHCP.
+ #[serde(deserialize_with = "proxmox_serde::perl::deserialize_bool")]
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub dhcp: Option<bool>,
+
+ /// Enable/disable firewall rules.
+ #[serde(deserialize_with = "proxmox_serde::perl::deserialize_bool")]
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub enable: Option<bool>,
+
+ /// Enable default IP filters. This is equivalent to adding an empty
+ /// ipfilter-net<id> ipset for every interface. Such ipsets implicitly
+ /// contain sane default restrictions such as restricting IPv6 link local
+ /// addresses to the one derived from the interface's MAC address. For
+ /// containers the configured IP addresses will be implicitly added.
+ #[serde(deserialize_with = "proxmox_serde::perl::deserialize_bool")]
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub ipfilter: Option<bool>,
+
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub log_level_in: Option<FirewallLogLevel>,
+
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub log_level_out: Option<FirewallLogLevel>,
+
+ /// Enable/disable MAC address filter.
+ #[serde(deserialize_with = "proxmox_serde::perl::deserialize_bool")]
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub macfilter: Option<bool>,
+
+ /// Enable NDP (Neighbor Discovery Protocol).
+ #[serde(deserialize_with = "proxmox_serde::perl::deserialize_bool")]
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub ndp: Option<bool>,
+
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub policy_in: Option<FirewallIOPolicy>,
+
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub policy_out: Option<FirewallIOPolicy>,
+
+ /// Allow sending Router Advertisement.
+ #[serde(deserialize_with = "proxmox_serde::perl::deserialize_bool")]
+ #[serde(default, skip_serializing_if = "Option::is_none")]
+ pub radv: Option<bool>,
+}
diff --git a/proxmox-firewall-api-types/src/lib.rs
b/proxmox-firewall-api-types/src/lib.rs
index cbd4b804..c66262cc 100644
--- a/proxmox-firewall-api-types/src/lib.rs
+++ b/proxmox-firewall-api-types/src/lib.rs
@@ -8,3 +8,6 @@ pub use policy::{FirewallFWPolicy, FirewallIOPolicy};
mod cluster_options;
pub use cluster_options::FirewallClusterOptions;
+
+mod guest_options;
+pub use guest_options::FirewallGuestOptions;
--
2.47.3
