From: Stefan Hanreich
To: Dietmar Maurer, pve-devel@lists.proxmox.com
Subject: Re: [RFC proxmox 05/22] firewall-api-types: add FirewallClusterOptions
Date: Mon, 2 Mar 2026 13:27:25 +0100
Message-ID: <6f2899ea-52d8-401a-a9ea-361f98a6fd26@proxmox.com>
In-Reply-To: <20260216104401.3959270-6-dietmar@proxmox.com>
List-Id: Proxmox VE development discussion

comment inline

On 2/16/26 11:45 AM, Dietmar Maurer wrote:
> +#[api( > + properties: { > + ebtables: { > + default: true, > + 
optional: true, > + }, > + enable: { > + default: 0, > + minimum: 0, > + optional: true, > + type: Integer, > + }, > + log_ratelimit: { > + format: &ApiStringFormat::PropertyString(&FirewallLogRateLimit::API_SCHEMA), > + optional: true, > + type: String, > + }, > + policy_forward: { > + optional: true, > + type: FirewallFWPolicy, > + }, > + policy_in: { > + optional: true, > + type: FirewallIOPolicy, > + }, > + policy_out: { > + optional: true, > + type: FirewallIOPolicy, > + }, > + }, > +)] > +/// Cluster Firewall Options > +#[derive(Debug, serde::Deserialize, serde::Serialize)] > +pub struct FirewallClusterOptions { > + /// Enable ebtables rules cluster wide. > + #[serde(deserialize_with = "proxmox_serde::perl::deserialize_bool")] > + #[serde(default, skip_serializing_if = "Option::is_none")] > + pub ebtables: Option, > + > + /// Enable or disable the firewall cluster wide. > + #[serde(deserialize_with = "proxmox_serde::perl::deserialize_u64")] > + #[serde(default, skip_serializing_if = "Option::is_none")] > + pub enable: Option, > + > + /// Log ratelimiting settings > + #[serde(default, skip_serializing_if = "Option::is_none")] > + pub log_ratelimit: Option, > + > + #[serde(default, skip_serializing_if = "Option::is_none")] > + pub policy_forward: Option, > + > + #[serde(default, skip_serializing_if = "Option::is_none")] > + pub policy_in: Option, > + > + #[serde(default, skip_serializing_if = "Option::is_none")] > + pub policy_out: Option, > +}

The configuration options all have default values, if unset. Might make sense to add helper methods that return them if the fields are unset, similar to how it's done in ve-config? [1]. Applies to the other option structs as well.

[1] https://git.proxmox.com/?p=proxmox-ve-rs.git;a=blob;f=proxmox-ve-config/src/firewall/cluster.rs;h=69d3bcd6d9cd97e01bcb8847ff1a609f40e455a6;hb=HEAD#l20
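
Review bot: In the `#[api]` schema, `policy_forward`, `policy_in` and `policy_out` declare no `default`, and the three `pub policy_*` fields of `FirewallClusterOptions` are the only ones without a `///` doc comment, so nothing in the type tells a caller which policy is in effect when the field is `None`. For firewall policy that is the one value a consumer should not have to guess; document the effective default on each field, or expose it through an accessor, so callers do not each choose their own fallback. Separately, `enable` is documented as "Enable or disable the firewall cluster wide" but is typed `Integer` with `minimum: 0` and no `maximum`; either add an upper bound or state in the doc comment what values above 1 mean.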