[pve-devel] [PATCH] add ips feature v4
Dietmar Maurer
dietmar at proxmox.com
Wed Mar 19 12:57:29 CET 2014
> > 'Razor' => [
> > - { action => 'ACCEPT', proto => 'tcp', dport => '2703' },
> > + { action => 'PVEFW-Accept', proto => 'tcp', dport => '2703' },
> > ],
>
> No, this is the wrong way to do it!
>
> This rules are emitted with ruleset_generate_rule, and you can pass $actions
> there to overwrite defaults.
The idea is the we pass a hash which defines the 'real' actions. For example:
ruleset_generate_rule($ruleset, $chain, $rule,
{ ACCEPT => "PVEFW-SET-ACCEPT-MARK", REJECT => "PVEFW-reject" });
So ACCEPT is replaced by PVEFW-SET-ACCEPT-MARK,
and REJECT is replaced by PVEFW-reject
More information about the pve-devel
mailing list