[pve-devel] firewall : add ip "alias" feature suggestion.
Alexandre DERUMIER
aderumier at odiso.com
Sun Apr 6 19:54:10 CEST 2014
Hi,
I would like to add an new feature
in cluster.fw
[IPALIAS]
alias1 10.0.0.1
alias2 10.0.0.2
alias3 10.0.0.0/24
this aliases can be use in vm and group rules and ipset
[IPSET myset]
192.168.0.1
alias1
172.16.0.1
[group mygrouprules]
IN ACCEPT alias2
vmid.fw
-------
OUT ACCEPT net0 alias3
finally, when we generate rules or ipset, we simply replace aliases by their ip/network address.
one example of usage, if a vm change his ip address, we simply change the alias, without need to change any rules.
What do you think about it ?
Alexandre D e rumier
Ingénieur Systèmes et Réseaux
Fixe : 03 20 68 88 90
Fax : 03 20 68 90 81
45 Bvd du Général Leclerc 59100 Roubaix
12 rue Marivaux 75002 Paris
More information about the pve-devel
mailing list