From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 4BD141FF142
	for <inbox@lore.proxmox.com>; Mon, 16 Feb 2026 11:44:09 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id C7912C82A;
	Mon, 16 Feb 2026 11:44:33 +0100 (CET)
From: Dietmar Maurer <dietmar@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [RFC proxmox 09/22] firewall-api-types: add FirewallRef type
Date: Mon, 16 Feb 2026 11:43:47 +0100
Message-ID: <20260216104401.3959270-10-dietmar@proxmox.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260216104401.3959270-1-dietmar@proxmox.com>
References: <20260216104401.3959270-1-dietmar@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
	AWL                    -0.574 Adjusted score from AWL reputation of From:
 address
	BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
	DMARC_MISSING             0.1 Missing DMARC policy
	KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict
 Alignment
	KAM_LAZY_DOMAIN_SECURITY      1 Sending domain does not have any anti-forgery
 methods
	RDNS_NONE               0.793 Delivered to internal network by a host with no
 rDNS
	SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
	SPF_NONE                0.001 SPF: sender does not publish an SPF Record
Message-ID-Hash: IWOUR6YTVXSAESMNGWBHYMUSBJ4NKHXF
X-Message-ID-Hash: IWOUR6YTVXSAESMNGWBHYMUSBJ4NKHXF
X-MailFrom: dietmar@zilli.proxmox.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Owner: <mailto:pve-devel-owner@lists.proxmox.com>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Subscribe: <mailto:pve-devel-join@lists.proxmox.com>
List-Unsubscribe: <mailto:pve-devel-leave@lists.proxmox.com>

Introduce FirewallRef struct and FirewallRefType enum for representing
firewall address references (aliases and ipsets) with their metadata
(name, reference string, scope, and optional comment).

The FirewallRefType enum includes an UnknownEnumValue variant behind
the "enum-fallback" feature flag for forward compatibility with
unknown variants.

Extracted from Perl API.

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
---
 .../src/firewall_ref.rs                       | 62 +++++++++++++++++++
 proxmox-firewall-api-types/src/lib.rs         |  3 +
 2 files changed, 65 insertions(+)
 create mode 100644 proxmox-firewall-api-types/src/firewall_ref.rs

diff --git a/proxmox-firewall-api-types/src/firewall_ref.rs b/proxmox-firewall-api-types/src/firewall_ref.rs
new file mode 100644
index 00000000..483e57ce
--- /dev/null
+++ b/proxmox-firewall-api-types/src/firewall_ref.rs
@@ -0,0 +1,62 @@
+use serde::{Deserialize, Serialize};
+
+#[cfg(feature = "enum-fallback")]
+use proxmox_fixed_string::FixedString;
+use proxmox_schema::api;
+
+#[api]
+/// Firewall address reference type (ipset or alias).
+#[derive(Clone, Copy, Debug, PartialEq, Deserialize, Serialize)]
+pub enum FirewallRefType {
+    #[serde(rename = "alias")]
+    /// alias.
+    Alias,
+    #[serde(rename = "ipset")]
+    /// ipset.
+    Ipset,
+    /// Unknown variants for forward compatibility.
+    #[cfg(feature = "enum-fallback")]
+    #[serde(untagged)]
+    UnknownEnumValue(FixedString),
+}
+
+#[api(
+    properties: {
+        comment: {
+            optional: true,
+            type: String,
+            description: "Descriptive comment",
+        },
+        name: {
+            type: String,
+            description: "The name of the alias or ipset.",
+        },
+        "ref": {
+            type: String,
+            description: "The reference string used in firewall rules.",
+        },
+        scope: {
+            type: String,
+            description: "The scope of the reference (e.g., SDN).",
+        },
+        type: {
+            type: FirewallRefType,
+        },
+    },
+)]
+/// Firewall address reference information.
+#[derive(Clone, Debug, PartialEq, serde::Deserialize, serde::Serialize)]
+pub struct FirewallRef {
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub comment: Option<String>,
+
+    pub name: String,
+
+    #[serde(rename = "ref")]
+    pub r#ref: String,
+
+    pub scope: String,
+
+    #[serde(rename = "type")]
+    pub ty: FirewallRefType,
+}
diff --git a/proxmox-firewall-api-types/src/lib.rs b/proxmox-firewall-api-types/src/lib.rs
index ef672bfe..993115d8 100644
--- a/proxmox-firewall-api-types/src/lib.rs
+++ b/proxmox-firewall-api-types/src/lib.rs
@@ -17,3 +17,6 @@ pub use guest_options::FirewallGuestOptions;
 
 mod node_options;
 pub use node_options::FirewallNodeOptions;
+
+mod firewall_ref;
+pub use firewall_ref::{FirewallRef, FirewallRefType};
-- 
2.47.3