[pve-devel] [PATCH] add aliases feature
Alexandre DERUMIER
aderumier at odiso.com
Tue Apr 22 23:28:09 CEST 2014
>>no, I thought we only lookup ipsets in the corresponding file.
so cluster.fw rules ->ipset from cluster.fw
and vmid.fw rules ->ipset from vm.rules ?
I think it's ok, we can defined an ipset in a group rule and assign the the group in vm.rules
But for aliases, I would like to be able to use aliases from cluster.fw in vmid.conf
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mardi 22 Avril 2014 18:53:30
Objet: RE: [pve-devel] [PATCH] add aliases feature
> How do you want to manage rules ?
>
> example:
>
> cluster.fw
> -----------
> [ipset myipset] (generate ipset PVEFW-myipset) ...
> vmid.fw
>
> [ipset myipset] (generate ipset VMID-myipset)
>
> [RULES]
> OUT ACCEPT net0 +myipset
>
> (do we look in VMID-myipset first, then if not exist PVEFW-myipset) ?
no, I thought we only lookup ipsets in the corresponding file.
More information about the pve-devel
mailing list