From: Michael Köppl
To: Proxmox Datacenter Manager development discussion
Cc: pdm-devel
Date: Thu, 06 Nov 2025 17:58:22 +0100
Subject: Re: [pdm-devel] [PATCH proxmox-datacenter-manager v2 2/4] api: firewall: add option, rules and status endpoints
In-Reply-To: <20251105163546.450094-11-h.laimer@proxmox.com>

1 comment inline

On Wed Nov 5, 2025 at 5:35 PM CET, Hannes Laimer wrote:
> +#[derive(Clone, Debug)] > +struct ClusterFirewallData { > + status: Option, > + guests: Vec, > +} > + > +async fn fetch_cluster_firewall_data( > 
+ _context: (), > + remote: Remote, > + _node: String, // unused for cluster-level data > +) -> Result { > + let pve = crate::connection::make_pve_client(&remote)?; > + > + let guests = match pve.cluster_resources(Some(ClusterResourceKind::Vm)).await { > + Ok(guests) => guests, > + Err(_) => { > + return Ok(ClusterFirewallData { > + status: None, > + guests: vec![], > + }); > + } > + }; > + > + let options_response = pve.cluster_firewall_options(); > + let rules_response = pve.list_cluster_firewall_rules(); > + > + let enabled = options_response.await.map(|opts| opts.enable != Some(0));

Shouldn't this be opts.enable == Some(1), as otherwise the firewall will also be shown as enabled for a newly-created cluster where the /etc/pve/firewall/cluster.fw file has not been created yet (i.e. the firewall is shown as off in the PVE web UI).

> + let rules = rules_response.await.map(|rules| { > + let all = rules.len(); > + let active = rules.iter().filter(|r| r.enable == Some(1)).count(); > + RuleStat { all, active } > + }); > + > + let status = match (enabled, rules) { > + (Ok(enabled), Ok(rules)) => Some(FirewallStatus { enabled, rules }), > + _ => None, > + }; > + > + Ok(ClusterFirewallData { status, guests })> +} > +
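
Review bot: the `Err(_)` arm of the `cluster_resources` match and the `_ => None` arm of the final `match (enabled, rules)` both throw the error away, so a failed request to the remote comes back as `Ok` with `status: None` (and, in the first case, `guests: vec![]`) and nothing in these lines records why. For a firewall status view that makes an unreachable or misbehaving remote indistinguishable from one that simply has no data. Consider binding the error (`Err(err) => { ... }`) and logging it before returning, or propagating it so the caller can show the remote as failed. A second, smaller point on the same function: `opts.enable != Some(0)` counts a missing value as enabled, while the rule filter a few lines below uses `r.enable == Some(1)` and counts a missing value as inactive. Using the same comparison in both places would keep the summary from reporting more protection than is configured.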