[pve-devel] [PATCH] add aliases feature
Alexandre DERUMIER
aderumier at odiso.com
Tue Apr 22 17:40:44 CEST 2014
>> maybe for ipset too ? (ipset defined at vm level )
>>
>>yes.
How do you want to manage rules ?
example:
cluster.fw
-----------
[ipset myipset] (generate ipset PVEFW-myipset)
...
vmid.fw
[ipset myipset] (generate ipset VMID-myipset)
[RULES]
OUT ACCEPT net0 +myipset
(do we look in VMID-myipset first, then if not exist PVEFW-myipset) ?
or
[RULES]
OUT ACCEPT net0 +VMID-myipset
OUT ACCEPT net0 +PVEFW-myipset
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mardi 22 Avril 2014 09:40:21
Objet: RE: [pve-devel] [PATCH] add aliases feature
> >> Also, wouldn’t it be good to define aliases at VM level (100.fw)?
> >>
> >>But this would be a good addition?
>
> Yes,it could be usefull. (multiple vm rules with same alias)
>
> maybe for ipset too ? (ipset defined at vm level )
yes.
More information about the pve-devel
mailing list