From cc9dad4f0132f62a6fbb4b7816162a02240531d0 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Wed, 20 Nov 2024 11:52:33 +0100 Subject: [PATCH] update static/schema information Signed-off-by: Thomas Lamprecht --- api-viewer/apidata.js | 984 +++++++++++++++++++++++++++++++-- pve-firewall-cluster-opts.adoc | 4 + pve-firewall-host-opts.adoc | 4 + pve-firewall-vnet-opts.adoc | 4 + 4 files changed, 964 insertions(+), 32 deletions(-) diff --git a/api-viewer/apidata.js b/api-viewer/apidata.js index 915e420..4a95464 100644 --- a/api-viewer/apidata.js +++ b/api-viewer/apidata.js @@ -1148,10 +1148,33 @@ const apiSchema = [ }, "permissions" : { "check" : [ - "perm", - "/mapping/notifications", [ - "Mapping.Modify" + "and", + [ + "perm", + "/mapping/notifications", + [ + "Mapping.Modify" + ] + ], + [ + "or", + [ + "perm", + "/", + [ + "Sys.Audit", + "Sys.Modify" + ] + ], + [ + "perm", + "/", + [ + "Sys.AccessNetwork" + ] + ] + ] ] ] }, @@ -1326,10 +1349,33 @@ const apiSchema = [ }, "permissions" : { "check" : [ - "perm", - "/mapping/notifications", [ - "Mapping.Modify" + "and", + [ + "perm", + "/mapping/notifications", + [ + "Mapping.Modify" + ] + ], + [ + "or", + [ + "perm", + "/", + [ + "Sys.Audit", + "Sys.Modify" + ] + ], + [ + "perm", + "/", + [ + "Sys.AccessNetwork" + ] + ] + ] ] ] }, @@ -1504,10 +1550,33 @@ const apiSchema = [ }, "permissions" : { "check" : [ - "perm", - "/mapping/notifications", [ - "Mapping.Modify" + "and", + [ + "perm", + "/mapping/notifications", + [ + "Mapping.Modify" + ] + ], + [ + "or", + [ + "perm", + "/", + [ + "Sys.Audit", + "Sys.Modify" + ] + ], + [ + "perm", + "/", + [ + "Sys.AccessNetwork" + ] + ] + ] ] ] }, @@ -1626,10 +1695,33 @@ const apiSchema = [ }, "permissions" : { "check" : [ - "perm", - "/mapping/notifications", [ - "Mapping.Modify" + "and", + [ + "perm", + "/mapping/notifications", + [ + "Mapping.Modify" + ] + ], + [ + "or", + [ + "perm", + "/", + [ + "Sys.Audit", + "Sys.Modify" + ] + ], + [ + "perm", + "/", + [ + "Sys.AccessNetwork" + ] + ] + ] ] ] }, @@ -1906,12 +1998,32 @@ const apiSchema = [ }, "permissions" : { "check" : [ - "or", [ - "perm", - "/mapping/notifications", + "and", [ - "Mapping.Modify" + "perm", + "/mapping/notifications", + [ + "Mapping.Modify" + ] + ], + [ + "or", + [ + "perm", + "/", + [ + "Sys.Audit", + "Sys.Modify" + ] + ], + [ + "perm", + "/", + [ + "Sys.AccessNetwork" + ] + ] ] ] ] @@ -2144,12 +2256,32 @@ const apiSchema = [ }, "permissions" : { "check" : [ - "or", [ - "perm", - "/mapping/notifications", + "and", [ - "Mapping.Modify" + "perm", + "/mapping/notifications", + [ + "Mapping.Modify" + ] + ], + [ + "or", + [ + "perm", + "/", + [ + "Sys.Audit", + "Sys.Modify" + ] + ], + [ + "perm", + "/", + [ + "Sys.AccessNetwork" + ] + ] ] ] ] @@ -2383,10 +2515,33 @@ const apiSchema = [ }, "permissions" : { "check" : [ - "perm", - "/mapping/notifications", [ - "Mapping.Modify" + "and", + [ + "perm", + "/mapping/notifications", + [ + "Mapping.Modify" + ] + ], + [ + "or", + [ + "perm", + "/", + [ + "Sys.Audit", + "Sys.Modify" + ] + ], + [ + "perm", + "/", + [ + "Sys.AccessNetwork" + ] + ] + ] ] ] }, @@ -2563,10 +2718,33 @@ const apiSchema = [ }, "permissions" : { "check" : [ - "perm", - "/mapping/notifications", [ - "Mapping.Modify" + "and", + [ + "perm", + "/mapping/notifications", + [ + "Mapping.Modify" + ] + ], + [ + "or", + [ + "perm", + "/", + [ + "Sys.Audit", + "Sys.Modify" + ] + ], + [ + "perm", + "/", + [ + "Sys.AccessNetwork" + ] + ] + ] ] ] }, @@ -4125,6 +4303,7 @@ const apiSchema = [ "enum" : [ "in", "out", + "forward", "group" ], "optional" : 1, @@ -4361,6 +4540,7 @@ const apiSchema = [ "enum" : [ "in", "out", + "forward", "group" ], "optional" : 0, @@ -4772,6 +4952,7 @@ const apiSchema = [ "enum" : [ "in", "out", + "forward", "group" ], "optional" : 1, @@ -4961,6 +5142,7 @@ const apiSchema = [ "enum" : [ "in", "out", + "forward", "group" ], "optional" : 0, @@ -5682,6 +5864,15 @@ const apiSchema = [ "optional" : 1, "type" : "string" }, + "policy_forward" : { + "description" : "Forward policy.", + "enum" : [ + "ACCEPT", + "DROP" + ], + "optional" : 1, + "type" : "string" + }, "policy_in" : { "description" : "Input policy.", "enum" : [ @@ -5771,6 +5962,15 @@ const apiSchema = [ "type" : "string", "typetext" : "[enable=]<1|0> [,burst=] [,rate=]" }, + "policy_forward" : { + "description" : "Forward policy.", + "enum" : [ + "ACCEPT", + "DROP" + ], + "optional" : 1, + "type" : "string" + }, "policy_in" : { "description" : "Input policy.", "enum" : [ @@ -10540,6 +10740,688 @@ const apiSchema = [ "children" : [ { "children" : [ + { + "children" : [ + { + "children" : [ + { + "info" : { + "DELETE" : { + "allowtoken" : 1, + "description" : "Delete rule.", + "method" : "DELETE", + "name" : "delete_rule", + "parameters" : { + "additionalProperties" : 0, + "properties" : { + "digest" : { + "description" : "Prevent changes if current configuration file has a different digest. This can be used to prevent concurrent modifications.", + "maxLength" : 64, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "pos" : { + "description" : "Update rule at position .", + "minimum" : 0, + "optional" : 1, + "type" : "integer", + "typetext" : " (0 - N)" + }, + "vnet" : { + "description" : "The SDN vnet object identifier.", + "format" : "pve-sdn-vnet-id", + "type" : "string", + "typetext" : "" + } + } + }, + "permissions" : { + "description" : "Needs SDN.Allocate permissions on '/sdn/zones//'", + "user" : "all" + }, + "protected" : 1, + "proxyto" : null, + "returns" : { + "type" : "null" + } + }, + "GET" : { + "allowtoken" : 1, + "description" : "Get single rule data.", + "method" : "GET", + "name" : "get_rule", + "parameters" : { + "additionalProperties" : 0, + "properties" : { + "pos" : { + "description" : "Update rule at position .", + "minimum" : 0, + "optional" : 1, + "type" : "integer", + "typetext" : " (0 - N)" + }, + "vnet" : { + "description" : "The SDN vnet object identifier.", + "format" : "pve-sdn-vnet-id", + "type" : "string", + "typetext" : "" + } + } + }, + "permissions" : { + "description" : "Needs SDN.Audit or SDN.Allocate permissions on '/sdn/zones//'", + "user" : "all" + }, + "proxyto" : null, + "returns" : { + "properties" : { + "action" : { + "type" : "string" + }, + "comment" : { + "optional" : 1, + "type" : "string" + }, + "dest" : { + "optional" : 1, + "type" : "string" + }, + "dport" : { + "optional" : 1, + "type" : "string" + }, + "enable" : { + "optional" : 1, + "type" : "integer" + }, + "icmp-type" : { + "optional" : 1, + "type" : "string" + }, + "iface" : { + "optional" : 1, + "type" : "string" + }, + "ipversion" : { + "optional" : 1, + "type" : "integer" + }, + "log" : { + "description" : "Log level for firewall rule", + "enum" : [ + "emerg", + "alert", + "crit", + "err", + "warning", + "notice", + "info", + "debug", + "nolog" + ], + "optional" : 1, + "type" : "string" + }, + "macro" : { + "optional" : 1, + "type" : "string" + }, + "pos" : { + "type" : "integer" + }, + "proto" : { + "optional" : 1, + "type" : "string" + }, + "source" : { + "optional" : 1, + "type" : "string" + }, + "sport" : { + "optional" : 1, + "type" : "string" + }, + "type" : { + "type" : "string" + } + }, + "type" : "object" + } + }, + "PUT" : { + "allowtoken" : 1, + "description" : "Modify rule data.", + "method" : "PUT", + "name" : "update_rule", + "parameters" : { + "additionalProperties" : 0, + "properties" : { + "action" : { + "description" : "Rule action ('ACCEPT', 'DROP', 'REJECT') or security group name.", + "maxLength" : 20, + "minLength" : 2, + "optional" : 1, + "pattern" : "[A-Za-z][A-Za-z0-9\\-\\_]+", + "type" : "string" + }, + "comment" : { + "description" : "Descriptive comment.", + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "delete" : { + "description" : "A list of settings you want to delete.", + "format" : "pve-configid-list", + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "dest" : { + "description" : "Restrict packet destination address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.", + "format" : "pve-fw-addr-spec", + "maxLength" : 512, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "digest" : { + "description" : "Prevent changes if current configuration file has a different digest. This can be used to prevent concurrent modifications.", + "maxLength" : 64, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "dport" : { + "description" : "Restrict TCP/UDP destination port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\\d+:\\d+', for example '80:85', and you can use comma separated list to match several ports or ranges.", + "format" : "pve-fw-dport-spec", + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "enable" : { + "description" : "Flag to enable/disable a rule.", + "minimum" : 0, + "optional" : 1, + "type" : "integer", + "typetext" : " (0 - N)" + }, + "icmp-type" : { + "description" : "Specify icmp-type. Only valid if proto equals 'icmp' or 'icmpv6'/'ipv6-icmp'.", + "format" : "pve-fw-icmp-type-spec", + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "iface" : { + "description" : "Network interface name. You have to use network configuration key names for VMs and containers ('net\\d+'). Host related rules can use arbitrary strings.", + "format" : "pve-iface", + "maxLength" : 20, + "minLength" : 2, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "log" : { + "description" : "Log level for firewall rule.", + "enum" : [ + "emerg", + "alert", + "crit", + "err", + "warning", + "notice", + "info", + "debug", + "nolog" + ], + "optional" : 1, + "type" : "string" + }, + "macro" : { + "description" : "Use predefined standard macro.", + "maxLength" : 128, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "moveto" : { + "description" : "Move rule to new position . Other arguments are ignored.", + "minimum" : 0, + "optional" : 1, + "type" : "integer", + "typetext" : " (0 - N)" + }, + "pos" : { + "description" : "Update rule at position .", + "minimum" : 0, + "optional" : 1, + "type" : "integer", + "typetext" : " (0 - N)" + }, + "proto" : { + "description" : "IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers, as defined in '/etc/protocols'.", + "format" : "pve-fw-protocol-spec", + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "source" : { + "description" : "Restrict packet source address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.", + "format" : "pve-fw-addr-spec", + "maxLength" : 512, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "sport" : { + "description" : "Restrict TCP/UDP source port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\\d+:\\d+', for example '80:85', and you can use comma separated list to match several ports or ranges.", + "format" : "pve-fw-sport-spec", + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "type" : { + "description" : "Rule type.", + "enum" : [ + "in", + "out", + "forward", + "group" + ], + "optional" : 1, + "type" : "string" + }, + "vnet" : { + "description" : "The SDN vnet object identifier.", + "format" : "pve-sdn-vnet-id", + "type" : "string", + "typetext" : "" + } + } + }, + "permissions" : { + "description" : "Needs SDN.Allocate permissions on '/sdn/zones//'", + "user" : "all" + }, + "protected" : 1, + "proxyto" : null, + "returns" : { + "type" : "null" + } + } + }, + "leaf" : 1, + "path" : "/cluster/sdn/vnets/{vnet}/firewall/rules/{pos}", + "text" : "{pos}" + } + ], + "info" : { + "GET" : { + "allowtoken" : 1, + "description" : "List rules.", + "method" : "GET", + "name" : "get_rules", + "parameters" : { + "additionalProperties" : 0, + "properties" : { + "vnet" : { + "description" : "The SDN vnet object identifier.", + "format" : "pve-sdn-vnet-id", + "type" : "string", + "typetext" : "" + } + } + }, + "permissions" : { + "description" : "Needs SDN.Audit or SDN.Allocate permissions on '/sdn/zones//'", + "user" : "all" + }, + "proxyto" : null, + "returns" : { + "items" : { + "properties" : { + "pos" : { + "type" : "integer" + } + }, + "type" : "object" + }, + "links" : [ + { + "href" : "{pos}", + "rel" : "child" + } + ], + "type" : "array" + } + }, + "POST" : { + "allowtoken" : 1, + "description" : "Create new rule.", + "method" : "POST", + "name" : "create_rule", + "parameters" : { + "additionalProperties" : 0, + "properties" : { + "action" : { + "description" : "Rule action ('ACCEPT', 'DROP', 'REJECT') or security group name.", + "maxLength" : 20, + "minLength" : 2, + "optional" : 0, + "pattern" : "[A-Za-z][A-Za-z0-9\\-\\_]+", + "type" : "string" + }, + "comment" : { + "description" : "Descriptive comment.", + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "dest" : { + "description" : "Restrict packet destination address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.", + "format" : "pve-fw-addr-spec", + "maxLength" : 512, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "digest" : { + "description" : "Prevent changes if current configuration file has a different digest. This can be used to prevent concurrent modifications.", + "maxLength" : 64, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "dport" : { + "description" : "Restrict TCP/UDP destination port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\\d+:\\d+', for example '80:85', and you can use comma separated list to match several ports or ranges.", + "format" : "pve-fw-dport-spec", + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "enable" : { + "description" : "Flag to enable/disable a rule.", + "minimum" : 0, + "optional" : 1, + "type" : "integer", + "typetext" : " (0 - N)" + }, + "icmp-type" : { + "description" : "Specify icmp-type. Only valid if proto equals 'icmp' or 'icmpv6'/'ipv6-icmp'.", + "format" : "pve-fw-icmp-type-spec", + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "iface" : { + "description" : "Network interface name. You have to use network configuration key names for VMs and containers ('net\\d+'). Host related rules can use arbitrary strings.", + "format" : "pve-iface", + "maxLength" : 20, + "minLength" : 2, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "log" : { + "description" : "Log level for firewall rule.", + "enum" : [ + "emerg", + "alert", + "crit", + "err", + "warning", + "notice", + "info", + "debug", + "nolog" + ], + "optional" : 1, + "type" : "string" + }, + "macro" : { + "description" : "Use predefined standard macro.", + "maxLength" : 128, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "pos" : { + "description" : "Update rule at position .", + "minimum" : 0, + "optional" : 1, + "type" : "integer", + "typetext" : " (0 - N)" + }, + "proto" : { + "description" : "IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers, as defined in '/etc/protocols'.", + "format" : "pve-fw-protocol-spec", + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "source" : { + "description" : "Restrict packet source address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.", + "format" : "pve-fw-addr-spec", + "maxLength" : 512, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "sport" : { + "description" : "Restrict TCP/UDP source port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\\d+:\\d+', for example '80:85', and you can use comma separated list to match several ports or ranges.", + "format" : "pve-fw-sport-spec", + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "type" : { + "description" : "Rule type.", + "enum" : [ + "in", + "out", + "forward", + "group" + ], + "optional" : 0, + "type" : "string" + }, + "vnet" : { + "description" : "The SDN vnet object identifier.", + "format" : "pve-sdn-vnet-id", + "type" : "string", + "typetext" : "" + } + } + }, + "permissions" : { + "description" : "Needs SDN.Allocate permissions on '/sdn/zones//'", + "user" : "all" + }, + "protected" : 1, + "proxyto" : null, + "returns" : { + "type" : "null" + } + } + }, + "leaf" : 0, + "path" : "/cluster/sdn/vnets/{vnet}/firewall/rules", + "text" : "rules" + }, + { + "info" : { + "GET" : { + "allowtoken" : 1, + "description" : "Get vnet firewall options.", + "method" : "GET", + "name" : "get_options", + "parameters" : { + "additionalProperties" : 0, + "properties" : { + "vnet" : { + "description" : "The SDN vnet object identifier.", + "format" : "pve-sdn-vnet-id", + "type" : "string", + "typetext" : "" + } + } + }, + "permissions" : { + "description" : "Needs SDN.Audit or SDN.Allocate permissions on '/sdn/zones//'", + "user" : "all" + }, + "returns" : { + "properties" : { + "enable" : { + "default" : 0, + "description" : "Enable/disable firewall rules.", + "optional" : 1, + "type" : "boolean" + }, + "log_level_forward" : { + "description" : "Log level for forwarded traffic.", + "enum" : [ + "emerg", + "alert", + "crit", + "err", + "warning", + "notice", + "info", + "debug", + "nolog" + ], + "optional" : 1, + "type" : "string" + }, + "policy_forward" : { + "description" : "Forward policy.", + "enum" : [ + "ACCEPT", + "DROP" + ], + "optional" : 1, + "type" : "string" + } + }, + "type" : "object" + } + }, + "PUT" : { + "allowtoken" : 1, + "description" : "Set Firewall options.", + "method" : "PUT", + "name" : "set_options", + "parameters" : { + "additionalProperties" : 0, + "properties" : { + "delete" : { + "description" : "A list of settings you want to delete.", + "format" : "pve-configid-list", + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "digest" : { + "description" : "Prevent changes if current configuration file has a different digest. This can be used to prevent concurrent modifications.", + "maxLength" : 64, + "optional" : 1, + "type" : "string", + "typetext" : "" + }, + "enable" : { + "default" : 0, + "description" : "Enable/disable firewall rules.", + "optional" : 1, + "type" : "boolean", + "typetext" : "" + }, + "log_level_forward" : { + "description" : "Log level for forwarded traffic.", + "enum" : [ + "emerg", + "alert", + "crit", + "err", + "warning", + "notice", + "info", + "debug", + "nolog" + ], + "optional" : 1, + "type" : "string" + }, + "policy_forward" : { + "description" : "Forward policy.", + "enum" : [ + "ACCEPT", + "DROP" + ], + "optional" : 1, + "type" : "string" + }, + "vnet" : { + "description" : "The SDN vnet object identifier.", + "format" : "pve-sdn-vnet-id", + "type" : "string", + "typetext" : "" + } + } + }, + "permissions" : { + "description" : "Needs SDN.Allocate permissions on '/sdn/zones//'", + "user" : "all" + }, + "protected" : 1, + "returns" : { + "type" : "null" + } + } + }, + "leaf" : 1, + "path" : "/cluster/sdn/vnets/{vnet}/firewall/options", + "text" : "options" + } + ], + "info" : { + "GET" : { + "allowtoken" : 1, + "description" : "Directory index.", + "method" : "GET", + "name" : "index", + "parameters" : { + "additionalProperties" : 0, + "properties" : { + "vnet" : { + "description" : "The SDN vnet object identifier.", + "format" : "pve-sdn-vnet-id", + "type" : "string", + "typetext" : "" + } + } + }, + "returns" : { + "items" : { + "properties" : {}, + "type" : "object" + }, + "links" : [ + { + "href" : "{name}", + "rel" : "child" + } + ], + "type" : "array" + } + } + }, + "leaf" : 0, + "path" : "/cluster/sdn/vnets/{vnet}/firewall", + "text" : "firewall" + }, { "children" : [ { @@ -14053,6 +14935,7 @@ const apiSchema = [ "enum" : [ "in", "out", + "forward", "group" ], "optional" : 1, @@ -14272,6 +15155,7 @@ const apiSchema = [ "enum" : [ "in", "out", + "forward", "group" ], "optional" : 0, @@ -33227,6 +34111,7 @@ const apiSchema = [ "enum" : [ "in", "out", + "forward", "group" ], "optional" : 1, @@ -33446,6 +34331,7 @@ const apiSchema = [ "enum" : [ "in", "out", + "forward", "group" ], "optional" : 0, @@ -47967,6 +48853,7 @@ const apiSchema = [ "enum" : [ "in", "out", + "forward", "group" ], "optional" : 1, @@ -48170,6 +49057,7 @@ const apiSchema = [ "enum" : [ "in", "out", + "forward", "group" ], "optional" : 0, @@ -48232,6 +49120,22 @@ const apiSchema = [ "optional" : 1, "type" : "boolean" }, + "log_level_forward" : { + "description" : "Log level for forwarded traffic.", + "enum" : [ + "emerg", + "alert", + "crit", + "err", + "warning", + "notice", + "info", + "debug", + "nolog" + ], + "optional" : 1, + "type" : "string" + }, "log_level_in" : { "description" : "Log level for incoming traffic.", "enum" : [ @@ -48410,6 +49314,22 @@ const apiSchema = [ "type" : "boolean", "typetext" : "" }, + "log_level_forward" : { + "description" : "Log level for forwarded traffic.", + "enum" : [ + "emerg", + "alert", + "crit", + "err", + "warning", + "notice", + "info", + "debug", + "nolog" + ], + "optional" : 1, + "type" : "string" + }, "log_level_in" : { "description" : "Log level for incoming traffic.", "enum" : [ @@ -50541,9 +51461,9 @@ const apiSchema = [ "default" : "login", "description" : "Run specific command or default to login (requires 'root@pam')", "enum" : [ - "login", + "upgrade", "ceph_install", - "upgrade" + "login" ], "optional" : 1, "type" : "string" @@ -50636,9 +51556,9 @@ const apiSchema = [ "default" : "login", "description" : "Run specific command or default to login (requires 'root@pam')", "enum" : [ - "login", + "upgrade", "ceph_install", - "upgrade" + "login" ], "optional" : 1, "type" : "string" @@ -50761,9 +51681,9 @@ const apiSchema = [ "default" : "login", "description" : "Run specific command or default to login (requires 'root@pam')", "enum" : [ - "login", + "upgrade", "ceph_install", - "upgrade" + "login" ], "optional" : 1, "type" : "string" diff --git a/pve-firewall-cluster-opts.adoc b/pve-firewall-cluster-opts.adoc index d795e9f..7d72296 100644 --- a/pve-firewall-cluster-opts.adoc +++ b/pve-firewall-cluster-opts.adoc @@ -22,6 +22,10 @@ Enable or disable log rate limiting Frequency with which the burst bucket gets refilled +`policy_forward`: `` :: + +Forward policy. + `policy_in`: `` :: Input policy. diff --git a/pve-firewall-host-opts.adoc b/pve-firewall-host-opts.adoc index f9adbc5..d561d0b 100644 --- a/pve-firewall-host-opts.adoc +++ b/pve-firewall-host-opts.adoc @@ -2,6 +2,10 @@ Enable host firewall rules. +`log_level_forward`: `` :: + +Log level for forwarded traffic. + `log_level_in`: `` :: Log level for incoming traffic. diff --git a/pve-firewall-vnet-opts.adoc b/pve-firewall-vnet-opts.adoc index ed1e88f..2301828 100644 --- a/pve-firewall-vnet-opts.adoc +++ b/pve-firewall-vnet-opts.adoc @@ -2,6 +2,10 @@ Enable/disable firewall rules. +`log_level_forward`: `` :: + +Log level for forwarded traffic. + `policy_forward`: `` :: Forward policy.