[pve-devel] PVE Firewall

Dietmar Maurer dietmar at proxmox.com
Fri Jun 13 20:33:26 CEST 2014


> I would like to have different levels of firewall. Something the USER / VM Owner
> can control and something the PVE Manage / Sysadmin can control.
> 
> So I can give the user the ability to use the new cool firewall code but I can still
> be sure that he doesn't use a DHCP Server, didn't disable the MAC filter and
> doesn't fake IP addresses.
> 
> Is this something we can achieve?
> 
> Maybe some kind of "global" rules inside the cluster.fw? Which the user can't
> touch?

Maybe we can use the current permission system, and require special privileges
to enable/disable those features (firewall, macfilter).

We can also add an option to set default security groups:

---1000.fw---
[options]
groups: group1,group2,group3
...
-------------

Those groups are added before any other rule, and need special privileges to set/modify.

?
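
An added sketch of the proposal above, not part of the original message and not Proxmox code: default groups from the `[options] groups:` line are evaluated before the VM owner's rules, and changing them requires a privilege. The privilege name, group contents, rule tuples and first-match evaluation are assumptions made for illustration.

```python
import configparser
import io

ADMIN_PRIV = "Firewall.DefaultGroups"  # hypothetical privilege name

# Constructed admin-owned group: drop DHCP server replies leaving the guest.
SECURITY_GROUPS = {
    "group1": [("DROP", {"dir": "out", "proto": "udp", "sport": 67})],
}

def _parse(fw_text):
    cp = configparser.ConfigParser(delimiters=(":",), interpolation=None)
    cp.read_string(fw_text)
    return cp

def default_groups(fw_text):
    """Return group names from the proposed '[options] groups:' line."""
    raw = _parse(fw_text).get("options", "groups", fallback="")
    return [g.strip() for g in raw.split(",") if g.strip()]

def effective_rules(fw_text, vm_rules):
    """Default-group rules are placed before any rule the VM owner wrote."""
    rules = []
    for name in default_groups(fw_text):
        rules.extend(SECURITY_GROUPS[name])  # KeyError on an unknown group
    return rules + list(vm_rules)

def verdict(rules, pkt, policy="ACCEPT"):
    """First matching rule wins (assumed); 'policy' is the assumed fallback."""
    for action, match in rules:
        if all(pkt.get(k) == v for k, v in match.items()):
            return action
    return policy

def set_groups(fw_text, groups, privs):
    """Rewrite the default groups only for callers holding ADMIN_PRIV."""
    if ADMIN_PRIV not in privs:
        raise PermissionError("default groups need " + ADMIN_PRIV)
    cp = _parse(fw_text)
    if not cp.has_section("options"):
        cp.add_section("options")
    cp.set("options", "groups", ",".join(groups))
    buf = io.StringIO()
    cp.write(buf)
    return buf.getvalue()

VM_FW = "[options]\ngroups: group1\n"  # constructed 1000.fw content
OWNER_RULES = [("ACCEPT", {"dir": "out", "proto": "udp"})]  # VM owner's rule
DHCP_REPLY = {"dir": "out", "proto": "udp", "sport": 67, "dport": 68}
```

Because the group rules come first, the owner's broad UDP accept cannot re-enable a DHCP server in the guest, while other outbound UDP still matches the owner's rule.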




