[pve-devel] PVE Firewall
Dietmar Maurer
dietmar at proxmox.com
Fri Jun 13 20:33:26 CEST 2014
> i would like to have different levels of firewall. Something the USER / VM Owner
> can control and something the PVE Manage / Sysadmin can control.
>
> So i can give the user the ability to use the new cool firewall code but i can still
> be shure that he doesn't use a DHCP Server, didn't disable the MAC filter and
> doesn't fake IP adresses.
>
> Is this something we can archieve?
>
> May be some kind of "global" rules inside the cluster.fw? Which the user can't
> touch?
Maybe we can use the current permission system, and require special privileges
to enable/disable those feature (firewall, macfilter).
We can also add an option to set default security groups:
---1000.fw---
[options]
groups: group1,group2,group3
...
-------------
Those groups are added before any other rule, and needs special privileges to set/modify.
?
More information about the pve-devel
mailing list