[pdm-devel] [PATCH proxmox-datacenter-manager v3 2/4] api: firewall: add option, rules and status endpoints

Thomas Lamprecht t.lamprecht at proxmox.com
Wed Nov 12 12:22:17 CET 2025


On 12.11.25 at 11:52, Stefan Hanreich wrote:
> some comments inline
> 
> On 11/10/25 6:25 PM, Hannes Laimer wrote:
>> This adds the following endpoints
>> * for all PVE remotes:
>>  - GET /pve/firewall/status
>>
>> * for PVE remotes
>>  - GET pve/remotes/{remote}/firewall/options
>>  - PUT pve/remotes/{remote}/firewall/options
>>  - GET pve/remotes/{remote}/firewall/rules
>>  - GET pve/remotes/{remote}/firewall/status
>>
>> * for PVE node
>>  - GET pve/remotes/{remote}/nodes/{node}/firewall/options
>>  - PUT pve/remotes/{remote}/nodes/{node}/firewall/options
>>  - GET pve/remotes/{remote}/nodes/{node}/firewall/rules
>>  - GET pve/remotes/{remote}/nodes/{node}/firewall/status
>>
>> * for guests (both lxc and qemu)
>>  - GET pve/remotes/{remote}/[lxc|qemu]/{vmid}/firewall/options
>>  - PUT pve/remotes/{remote}/[lxc|qemu]/{vmid}/firewall/options
>>  - GET pve/remotes/{remote}/[lxc|qemu]/{vmid}/firewall/rules
> 
> Would it potentially make sense to mirror the PVE API here, i.e.
> 
>   pve/remotes/{remote}/nodes/{node}/[lxc|qemu]/{vmid}/firewall/options
> 
> might be annoying to always have to know the node a guest resides on though

That and I'm not sure about what the actual benefit of doing that would
be here? Or just for using the same as in PVE? While I'd not promote
deviating from existing product APIs, especially not just for the sake
of it. OTOH leveraging what PDM can do and also avoiding historic
mistakes that are either not worthwhile or just hard to fix in the
original implementation can both be valid reasons to deviate.
