[pve-devel] pvefw security group questions
Dietmar Maurer
dietmar at proxmox.com
Thu Feb 27 11:32:39 CET 2014
I still have problems with the security group design, for example:
--100.fw-
[IN]
GROUP-group1 net0
GROUP-group2 net0
[OUT]
GROUP-group2 net0
GROUP-group1 net0
-----
Note: group order is different between IN and OUT
--100.fw-
[IN]
GROUP-group1 net0 1.2.3.4
-----
Note: we only jump to group if source == 1.2.3.4?
Do we want such functionality?
Another example:
--100.fw-
[IN]
GROUP-group1 net0
GROUP-group2 net0
[OUT]
GROUP-group1 net3
GROUP-group2 net0
-----
Note: Usage of 'net3' instead of 'net0' is a typo? Or do we want to allow that?
We could avoid all those problems by introducing a [GROUPS] section:
--100.fw-
[GROUPS]
group1 net0
group2 net0
[IN]
[OUT]
-----
What do you think?
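
The three ambiguities raised in the message above can be checked mechanically. The following linter is an added example, not part of the original message and not Proxmox code; it assumes the line syntax `GROUP-<name> <iface> [<source>]` as read from the samples, and the function names `parse_groups` and `lint_groups` are hypothetical.

```python
# Added illustration. Assumed syntax (from the samples): GROUP-<name> <iface> [<source>]
SAMPLE = """\
[IN]
GROUP-group1 net0
GROUP-group2 net0 1.2.3.4
[OUT]
GROUP-group2 net3
GROUP-group1 net0
"""  # constructed input combining the message's three cases

def parse_groups(text):
    """Return {section: [(group, iface, source_or_None), ...]} in file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].upper()
            sections.setdefault(current, [])
        elif current and line.startswith("GROUP-"):
            fields = line.split()
            if len(fields) < 2:
                raise ValueError(f"group reference without interface: {line!r}")
            source = fields[2] if len(fields) > 2 else None
            sections[current].append((fields[0][len("GROUP-"):], fields[1], source))
    return sections

def lint_groups(text):
    """Return a sorted list of findings for the IN/OUT group references."""
    sec = parse_groups(text)
    rules_in, rules_out = sec.get("IN", []), sec.get("OUT", [])
    findings = []
    # 1. Same groups, but evaluated in a different order per direction.
    order_in = [g for g, _, _ in rules_in]
    order_out = [g for g, _, _ in rules_out]
    if sorted(order_in) == sorted(order_out) and order_in != order_out:
        findings.append("order: IN and OUT list the same groups in different order")
    # 2. A group jump that only applies to one source address.
    for direction, rules in (("IN", rules_in), ("OUT", rules_out)):
        for g, iface, src in rules:
            if src is not None:
                findings.append(f"source: {direction} {g} on {iface} only for {src}")
    # 3. A group bound to a different interface in OUT than in IN.
    in_ifaces = {g: iface for g, iface, _ in rules_in}
    for g, iface, _ in rules_out:
        if in_ifaces.get(g, iface) != iface:
            findings.append(f"iface: {g} uses {iface} in OUT but {in_ifaces[g]} in IN")
    return sorted(findings)
```

A file that declares membership once in a `[GROUPS]` section, as proposed in the message, produces no findings because none of the three cases can be expressed there.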