add auto-generated cluster firewall options

Makefile

@@ -3,7 +3,7 @@ RELEASE=4.1
 PVESM_SOURCES=attributes.txt pvesm.adoc pvesm.1-synopsis.adoc $(shell ls pve-storage-*.adoc)
 PVEUM_SOURCES=attributes.txt pveum.adoc pveum.1-synopsis.adoc
 VZDUMP_SOURCES=attributes.txt vzdump.adoc vzdump.1-synopsis.adoc
-PVEFW_SOURCES=attributes.txt pve-firewall.adoc pve-firewall-rules-opts.adoc pve-firewall-macros.adoc pve-firewall.8-synopsis.adoc
+PVEFW_SOURCES=attributes.txt pve-firewall.adoc pve-firewall-rules-opts.adoc pve-firewall-cluster-opts.adoc pve-firewall-macros.adoc pve-firewall.8-synopsis.adoc
 QM_SOURCES=attributes.txt qm.adoc qm.1-synopsis.adoc
 PCT_SOURCES=attributes.txt pct.adoc pct.1-synopsis.adoc
 PVEAM_SOURCES=attributes.txt pveam.adoc pveam.1-synopsis.adoc
@@ -79,6 +79,10 @@ all: pve-admin-guide.html
 	asciidoc ${ADOC_MAN8_HTML_ARGS} -o $@ $*.adoc
 	test -z "$${NOVIEW}" && $(BROWSER) $@ &
 
+pve-firewall-cluster-opts.adoc:
+	./gen-pve-firewall-cluster-opts.pl >$@.tmp
+	mv $@.tmp $@
+
 pve-firewall-rules-opts.adoc:
 	./gen-pve-firewall-rules-opts-adoc.pl >$@.tmp
 	mv $@.tmp $@

gen-pve-firewall-cluster-opts.pl

@@ -0,0 +1,11 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use PVE::Firewall;
+use PVE::RESTHandler;
+
+my $prop = $PVE::Firewall::cluster_option_properties;
+
+print PVE::RESTHandler::dump_properties($prop);

pve-firewall-cluster-opts.adoc

@@ -0,0 +1,12 @@
+`enable`: `integer (0 - N)` ::
+
+Enable or disable the firewall cluster wide.
+
+`policy_in`: `(ACCEPT | DROP | REJECT)` ::
+
+Input policy.
+
+`policy_out`: `(ACCEPT | DROP | REJECT)` ::
+
+Output policy.
+

pve-firewall.adoc

@@ -93,6 +93,8 @@ The configuration can contain the following sections:
 
 This is used to set cluster wide firewall options.
 
+include::pve-firewall-cluster-opts.adoc[]
+
 NOTE: The firewall is completely disabled by default, so you need to
 set the enable option here: