[pdm-devel] [PATCH proxmox-datacenter-manager v3 2/4] api: firewall: add option, rules and status endpoints
Stefan Hanreich
s.hanreich at proxmox.com
Wed Nov 12 12:27:03 CET 2025
On 11/12/25 12:21 PM, Thomas Lamprecht wrote:
> Am 12.11.25 um 11:52 schrieb Stefan Hanreich:
>> some comments inline
>>
>> On 11/10/25 6:25 PM, Hannes Laimer wrote:
>>> This adds the following endpoints
>>> * for all PVE remotes:
>>> - GET /pve/firewall/status
>>>
>>> * for PVE remotes
>>> - GET pve/remotes/{remote}/firewall/options
>>> - PUT pve/remotes/{remote}/firewall/options
>>> - GET pve/remotes/{remote}/firewall/rules
>>> - GET pve/remotes/{remote}/firewall/status
>>>
>>> * for PVE node
>>> - GET pve/remotes/{remote}/nodes/{node}/firewall/options
>>> - PUT pve/remotes/{remote}/nodes/{node}/firewall/options
>>> - GET pve/remotes/{remote}/nodes/{node}/firewall/rules
>>> - GET pve/remotes/{remote}/nodes/{node}/firewall/status
>>>
>>> * for guests (both lxc and qemu)
>>> - GET pve/remotes/{remote}/[lxc|qemu]/{vmid}/firewall/options
>>> - PUT pve/remotes/{remote}/[lxc|qemu]/{vmid}/firewall/options
>>> - GET pve/remotes/{remote}/[lxc|qemu]/{vmid}/firewall/rules
>>
>> Would it potentially make sense to mirror the PVE API here, i.e.
>>
>> pve/remotes/{remote}/nodes/{node}/[lxc|qemu]/{vmid}/firewall/options
>>
>> might be annoying to always have to know the node a guest resides on though
>
> That and I'm not sure about what the actual benefit of doing that would
> be here? Or just for using the same as in PVE? While I'd not promote
> deviating from existing product APIs, especially not just for the sake
> of it. OTOH leveraging what PDM can do and also avoiding historic
> mistakes that are either not worthwhile or just hard to fix in the
> original implementation can both be valid reason to deviate.
Yeah, the only benefit would be mirroring the PVE API, but there's a
good argument against that here.
More information about the pdm-devel
mailing list