proxcli 0.4.0__tar.gz → 0.5.0__tar.gz

{proxcli-0.4.0 → proxcli-0.5.0}/CHANGELOG.md

@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.5.0] - 2026-06-20
+
+### Added
+- Pool management (`proxmox pool`): list, show, create, update, delete.
+  Wraps `/pools` endpoints.
+
 ## [0.4.0] - 2026-06-20
 
 ### Added
@@ -61,6 +67,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - CSRF ticket auto-refresh on 401.
 - AI-agent-friendly: default JSON output, strict exit codes, `--dry-run` mode.
 
+[0.5.0]: https://github.com/xezpeleta/proxcli/releases/tag/v0.5.0
 [0.4.0]: https://github.com/xezpeleta/proxcli/releases/tag/v0.4.0
 [0.3.0]: https://github.com/xezpeleta/proxcli/releases/tag/v0.3.0
 [0.2.1]: https://github.com/xezpeleta/proxcli/releases/tag/v0.2.1

{proxcli-0.4.0 → proxcli-0.5.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: proxcli
-Version: 0.4.0
+Version: 0.5.0
 Summary: A CLI tool to interact with Proxmox VE nodes and clusters via the REST API
 Author-email: Xabi Ezpeleta <xezpeleta@gmail.com>
 License: MIT
@@ -141,6 +141,18 @@ proxmox vm reboot <vmid> [--node <node>]
 proxmox vm suspend <vmid> [--node <node>]
 proxmox vm resume <vmid> [--node <node>]
 proxmox vm delete <vmid> [--node <node>] [--force] [--purge]
+
+# VM firewall
+proxmox vm firewall options <vmid> [--node <node>]
+proxmox vm firewall enable <vmid> [--node <node>]
+proxmox vm firewall disable <vmid> [--node <node>]
+proxmox vm firewall policy <vmid> --in-policy ACCEPT --out-policy DROP [--node <node>]
+proxmox vm firewall rules list <vmid> [--node <node>]
+proxmox vm firewall rules add <vmid> --action ACCEPT --dport 22 --proto tcp [--source <cidr>] [--comment <text>]
+proxmox vm firewall rules show <vmid> <pos>
+proxmox vm firewall rules update <vmid> <pos> --action DROP
+proxmox vm firewall rules delete <vmid> <pos>
+proxmox vm firewall refs <vmid> [--type alias|ipset|group]
 ```
 
 ### Container (LXC)
@@ -152,6 +164,18 @@ proxmox container create --node <node> --vmid <id> --ostemplate <tmpl> [--memory
 proxmox container start <vmid> [--node <node>]
 proxmox container stop <vmid> [--node <node>]
 proxmox container delete <vmid> [--node <node>] [--force] [--purge]
+
+# Container firewall
+proxmox container firewall options <vmid> [--node <node>]
+proxmox container firewall enable <vmid> [--node <node>]
+proxmox container firewall disable <vmid> [--node <node>]
+proxmox container firewall policy <vmid> --in-policy ACCEPT --out-policy DROP
+proxmox container firewall rules list <vmid> [--node <node>]
+proxmox container firewall rules add <vmid> --action ACCEPT --dport 22 --proto tcp
+proxmox container firewall rules show <vmid> <pos>
+proxmox container firewall rules update <vmid> <pos> --action DROP
+proxmox container firewall rules delete <vmid> <pos>
+proxmox container firewall refs <vmid> [--type alias|ipset|group]
 ```
 
 ### Node
@@ -160,6 +184,18 @@ proxmox container delete <vmid> [--node <node>] [--force] [--purge]
 proxmox node list
 proxmox node show <node>
 proxmox node status [<node>]
+
+# Node firewall
+proxmox node firewall options <node>
+proxmox node firewall enable <node>
+proxmox node firewall disable <node>
+proxmox node firewall policy <node> --in-policy ACCEPT --out-policy DROP
+proxmox node firewall rules list <node>
+proxmox node firewall rules add <node> --action ACCEPT --dport 22 --proto tcp
+proxmox node firewall rules show <node> <pos>
+proxmox node firewall rules update <node> <pos> --action DROP
+proxmox node firewall rules delete <node> <pos>
+proxmox node firewall refs <node> [--type alias|ipset|group]
 ```
 
 ### Storage
@@ -168,12 +204,45 @@ proxmox node status [<node>]
 proxmox storage list [--node <node>]
 proxmox storage show <storage>
 proxmox storage content <storage> [--node <node>]
+proxmox storage upload --node <node> --storage <storage> --file <path> [--content-type iso|vztmpl|import]
+```
+
+### Pool
+
+```bash
+proxmox pool list
+proxmox pool show <poolid>
+proxmox pool create <poolid> [--comment <text>]
+proxmox pool update <poolid> [--comment <text>] [--allow-delete]
+proxmox pool delete <poolid>
 ```
 
 ### Cluster
 
 ```bash
 proxmox cluster status
+
+# Cluster firewall
+proxmox cluster firewall options
+proxmox cluster firewall enable
+proxmox cluster firewall disable
+proxmox cluster firewall policy --in-policy ACCEPT --out-policy DROP
+proxmox cluster firewall rules                                      # list (shorthand)
+proxmox cluster firewall rules list                                 # list (explicit)
+proxmox cluster firewall rules add --action ACCEPT --dport 22 --source 10.0.0.0/8
+proxmox cluster firewall rules show <pos>
+proxmox cluster firewall rules update <pos> --action DROP
+proxmox cluster firewall rules delete <pos>
+proxmox cluster firewall aliases                                    # list (shorthand)
+proxmox cluster firewall aliases add <name> --cidr 10.0.0.0/24 --comment "web tier"
+proxmox cluster firewall aliases delete <name>
+proxmox cluster firewall ipsets                                     # list (shorthand)
+proxmox cluster firewall ipsets add <name> --comment "trusted hosts"
+proxmox cluster firewall ipsets show <name>
+proxmox cluster firewall ipsets delete <name>
+proxmox cluster firewall ipsets add-cidr <name> --cidr 192.168.1.0/24
+proxmox cluster firewall ipsets delete-cidr <name> --cidr 192.168.1.0/24
+proxmox cluster firewall refs [--type alias|ipset|group]
 ```
 
 ### Task
@@ -260,3 +329,32 @@ uv build
 ## License
 
 MIT
+
+## Firewall Rule Options
+
+Firewall rules share the same flags across cluster, node, VM, and container. The `--macro` flag can be used as a shortcut for common services (e.g., `--macro SSH` sets up port 22/tcp).
+
+| Flag | Values | Description |
+|---|---|---|
+| `--action` | `ACCEPT`, `DENY`, `REJECT` | Rule action (required for `add`) |
+| `--type` | `in`, `out` | Traffic direction (default: `in`) |
+| `--iface` | e.g. `net0` | Network interface |
+| `--source` | CIDR | Source IP/CIDR |
+| `--dest` | CIDR | Destination IP/CIDR |
+| `--dport` | e.g. `80` or `8000-9000` | Destination port |
+| `--sport` | e.g. `1024-65535` | Source port |
+| `--proto` | `tcp`, `udp`, `icmp`, `any` | Protocol |
+| `--macro` | e.g. `SSH`, `HTTP`, `HTTPS`, `Ping` | Pre-defined service macro |
+| `--comment` | text | Comment / description |
+| `--enable` | `0`, `1` | Enable the rule (default: `1`) |
+| `--log` | `emerg`..`debug`, `nolog` | Log level |
+
+Example:
+
+```bash
+# Allow SSH from a specific subnet
+proxmox vm firewall rules add 100 --action ACCEPT --dport 22 --proto tcp --source 192.168.1.0/24 --comment "Admin SSH"
+
+# Or use a macro
+proxmox vm firewall rules add 100 --action ACCEPT --macro SSH --source 192.168.1.0/24
+```

{proxcli-0.4.0 → proxcli-0.5.0}/README.md

@@ -118,6 +118,18 @@ proxmox vm reboot <vmid> [--node <node>]
 proxmox vm suspend <vmid> [--node <node>]
 proxmox vm resume <vmid> [--node <node>]
 proxmox vm delete <vmid> [--node <node>] [--force] [--purge]
+
+# VM firewall
+proxmox vm firewall options <vmid> [--node <node>]
+proxmox vm firewall enable <vmid> [--node <node>]
+proxmox vm firewall disable <vmid> [--node <node>]
+proxmox vm firewall policy <vmid> --in-policy ACCEPT --out-policy DROP [--node <node>]
+proxmox vm firewall rules list <vmid> [--node <node>]
+proxmox vm firewall rules add <vmid> --action ACCEPT --dport 22 --proto tcp [--source <cidr>] [--comment <text>]
+proxmox vm firewall rules show <vmid> <pos>
+proxmox vm firewall rules update <vmid> <pos> --action DROP
+proxmox vm firewall rules delete <vmid> <pos>
+proxmox vm firewall refs <vmid> [--type alias|ipset|group]
 ```
 
 ### Container (LXC)
@@ -129,6 +141,18 @@ proxmox container create --node <node> --vmid <id> --ostemplate <tmpl> [--memory
 proxmox container start <vmid> [--node <node>]
 proxmox container stop <vmid> [--node <node>]
 proxmox container delete <vmid> [--node <node>] [--force] [--purge]
+
+# Container firewall
+proxmox container firewall options <vmid> [--node <node>]
+proxmox container firewall enable <vmid> [--node <node>]
+proxmox container firewall disable <vmid> [--node <node>]
+proxmox container firewall policy <vmid> --in-policy ACCEPT --out-policy DROP
+proxmox container firewall rules list <vmid> [--node <node>]
+proxmox container firewall rules add <vmid> --action ACCEPT --dport 22 --proto tcp
+proxmox container firewall rules show <vmid> <pos>
+proxmox container firewall rules update <vmid> <pos> --action DROP
+proxmox container firewall rules delete <vmid> <pos>
+proxmox container firewall refs <vmid> [--type alias|ipset|group]
 ```
 
 ### Node
@@ -137,6 +161,18 @@ proxmox container delete <vmid> [--node <node>] [--force] [--purge]
 proxmox node list
 proxmox node show <node>
 proxmox node status [<node>]
+
+# Node firewall
+proxmox node firewall options <node>
+proxmox node firewall enable <node>
+proxmox node firewall disable <node>
+proxmox node firewall policy <node> --in-policy ACCEPT --out-policy DROP
+proxmox node firewall rules list <node>
+proxmox node firewall rules add <node> --action ACCEPT --dport 22 --proto tcp
+proxmox node firewall rules show <node> <pos>
+proxmox node firewall rules update <node> <pos> --action DROP
+proxmox node firewall rules delete <node> <pos>
+proxmox node firewall refs <node> [--type alias|ipset|group]
 ```
 
 ### Storage
@@ -145,12 +181,45 @@ proxmox node status [<node>]
 proxmox storage list [--node <node>]
 proxmox storage show <storage>
 proxmox storage content <storage> [--node <node>]
+proxmox storage upload --node <node> --storage <storage> --file <path> [--content-type iso|vztmpl|import]
+```
+
+### Pool
+
+```bash
+proxmox pool list
+proxmox pool show <poolid>
+proxmox pool create <poolid> [--comment <text>]
+proxmox pool update <poolid> [--comment <text>] [--allow-delete]
+proxmox pool delete <poolid>
 ```
 
 ### Cluster
 
 ```bash
 proxmox cluster status
+
+# Cluster firewall
+proxmox cluster firewall options
+proxmox cluster firewall enable
+proxmox cluster firewall disable
+proxmox cluster firewall policy --in-policy ACCEPT --out-policy DROP
+proxmox cluster firewall rules                                      # list (shorthand)
+proxmox cluster firewall rules list                                 # list (explicit)
+proxmox cluster firewall rules add --action ACCEPT --dport 22 --source 10.0.0.0/8
+proxmox cluster firewall rules show <pos>
+proxmox cluster firewall rules update <pos> --action DROP
+proxmox cluster firewall rules delete <pos>
+proxmox cluster firewall aliases                                    # list (shorthand)
+proxmox cluster firewall aliases add <name> --cidr 10.0.0.0/24 --comment "web tier"
+proxmox cluster firewall aliases delete <name>
+proxmox cluster firewall ipsets                                     # list (shorthand)
+proxmox cluster firewall ipsets add <name> --comment "trusted hosts"
+proxmox cluster firewall ipsets show <name>
+proxmox cluster firewall ipsets delete <name>
+proxmox cluster firewall ipsets add-cidr <name> --cidr 192.168.1.0/24
+proxmox cluster firewall ipsets delete-cidr <name> --cidr 192.168.1.0/24
+proxmox cluster firewall refs [--type alias|ipset|group]
 ```
 
 ### Task
@@ -237,3 +306,32 @@ uv build
 ## License
 
 MIT
+
+## Firewall Rule Options
+
+Firewall rules share the same flags across cluster, node, VM, and container. The `--macro` flag can be used as a shortcut for common services (e.g., `--macro SSH` sets up port 22/tcp).
+
+| Flag | Values | Description |
+|---|---|---|
+| `--action` | `ACCEPT`, `DENY`, `REJECT` | Rule action (required for `add`) |
+| `--type` | `in`, `out` | Traffic direction (default: `in`) |
+| `--iface` | e.g. `net0` | Network interface |
+| `--source` | CIDR | Source IP/CIDR |
+| `--dest` | CIDR | Destination IP/CIDR |
+| `--dport` | e.g. `80` or `8000-9000` | Destination port |
+| `--sport` | e.g. `1024-65535` | Source port |
+| `--proto` | `tcp`, `udp`, `icmp`, `any` | Protocol |
+| `--macro` | e.g. `SSH`, `HTTP`, `HTTPS`, `Ping` | Pre-defined service macro |
+| `--comment` | text | Comment / description |
+| `--enable` | `0`, `1` | Enable the rule (default: `1`) |
+| `--log` | `emerg`..`debug`, `nolog` | Log level |
+
+Example:
+
+```bash
+# Allow SSH from a specific subnet
+proxmox vm firewall rules add 100 --action ACCEPT --dport 22 --proto tcp --source 192.168.1.0/24 --comment "Admin SSH"
+
+# Or use a macro
+proxmox vm firewall rules add 100 --action ACCEPT --macro SSH --source 192.168.1.0/24
+```

{proxcli-0.4.0 → proxcli-0.5.0}/proxmox/cli/main.py

@@ -59,6 +59,7 @@ def build_root_parser() -> argparse.ArgumentParser:
     from proxmox.cli.cluster import register_cluster_parser
     from proxmox.cli.container import register_container_parser
     from proxmox.cli.node import register_node_parser
+    from proxmox.cli.pool import register_pool_parser
     from proxmox.cli.storage import register_storage_parser
     from proxmox.cli.tasks import register_task_parser
     from proxmox.cli.vm import register_vm_parser
@@ -66,6 +67,7 @@ def build_root_parser() -> argparse.ArgumentParser:
     register_auth_parser(subparsers)
     register_vm_parser(subparsers)
     register_node_parser(subparsers)
+    register_pool_parser(subparsers)
     register_container_parser(subparsers)
     register_storage_parser(subparsers)
     register_cluster_parser(subparsers)

proxcli-0.5.0/proxmox/cli/pool.py

@@ -0,0 +1,74 @@
+"""`proxmox pool` subcommand — resource pool management."""
+
+from __future__ import annotations
+
+import argparse
+
+from proxmox.client.client import ProxmoxClient
+
+
+def register_pool_parser(subparsers: argparse._SubParsersAction) -> None:
+    """Register the `proxmox pool` subcommand tree."""
+    pool_parser = subparsers.add_parser("pool", help="Manage resource pools")
+    pool_sub = pool_parser.add_subparsers(dest="action", title="actions", required=True)
+
+    # --- pool list ---
+    pool_list = pool_sub.add_parser("list", help="List all pools")
+    pool_list.set_defaults(func=_pool_list)
+
+    # --- pool show ---
+    pool_show = pool_sub.add_parser("show", help="Show pool details and members")
+    pool_show.add_argument("poolid", help="Pool ID")
+    pool_show.set_defaults(func=_pool_show)
+
+    # --- pool create ---
+    pool_create = pool_sub.add_parser("create", help="Create a new pool")
+    pool_create.add_argument("poolid", help="Pool ID")
+    pool_create.add_argument("--comment", default=None, help="Pool description / comment")
+    pool_create.set_defaults(func=_pool_create)
+
+    # --- pool update ---
+    pool_update = pool_sub.add_parser("update", help="Update a pool's comment")
+    pool_update.add_argument("poolid", help="Pool ID")
+    pool_update.add_argument("--comment", default=None, help="New comment (omit to clear)")
+    pool_update.add_argument("--allow-delete", action="store_true", help="Allow deletion of pool comment")
+    pool_update.set_defaults(func=_pool_update)
+
+    # --- pool delete ---
+    pool_delete = pool_sub.add_parser("delete", help="Delete a pool")
+    pool_delete.add_argument("poolid", help="Pool ID")
+    pool_delete.set_defaults(func=_pool_delete)
+
+
+# ---------------------------------------------------------------------------
+# Handlers
+# ---------------------------------------------------------------------------
+
+def _pool_list(_args: argparse.Namespace, client: ProxmoxClient) -> dict | list:
+    return client.get("/pools")
+
+
+def _pool_show(args: argparse.Namespace, client: ProxmoxClient) -> dict:
+    return client.get(f"/pools/{args.poolid}")
+
+
+def _pool_create(args: argparse.Namespace, client: ProxmoxClient) -> dict:
+    data: dict = {"poolid": args.poolid}
+    if args.comment:
+        data["comment"] = args.comment
+    return client.post("/pools", data=data)
+
+
+def _pool_update(args: argparse.Namespace, client: ProxmoxClient) -> dict:
+    data: dict = {}
+    if args.comment is not None:
+        data["comment"] = args.comment
+    if args.allow_delete:
+        data["delete"] = 1
+    if not data:
+        return {"error": "Nothing to update. Use --comment or --allow-delete."}
+    return client.put(f"/pools/{args.poolid}", data=data)
+
+
+def _pool_delete(args: argparse.Namespace, client: ProxmoxClient) -> dict:
+    return client.delete(f"/pools/{args.poolid}")

{proxcli-0.4.0 → proxcli-0.5.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "proxcli"
-version = "0.4.0"
+version = "0.5.0"
 description = "A CLI tool to interact with Proxmox VE nodes and clusters via the REST API"
 readme = "README.md"
 authors = [

{proxcli-0.4.0 → proxcli-0.5.0}/uv.lock

@@ -254,7 +254,7 @@ wheels = [
 
 [[package]]
 name = "proxcli"
-version = "0.4.0"
+version = "0.5.0"
 source = { editable = "." }
 dependencies = [
     { name = "httpx" },