[pve-devel] [PATCH] add ips feature v4
Alexandre DERUMIER
aderumier at odiso.com
Wed Mar 19 13:50:24 CET 2014
>>The idea is the we pass a hash which defines the 'real' actions. For example:
>>ruleset_generate_rule($ruleset, $chain, $rule,
>>{ ACCEPT => "PVEFW-SET-ACCEPT-MARK", REJECT => "PVEFW-reject" });
>>So ACCEPT is replaced by PVEFW-SET-ACCEPT-MARK,
>>and REJECT is replaced by PVEFW-reject
Ok,got it. Thanks !
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre Derumier" <aderumier at odiso.com>, pve-devel at pve.proxmox.com
Envoyé: Mercredi 19 Mars 2014 12:57:29
Objet: RE: [pve-devel] [PATCH] add ips feature v4
> > 'Razor' => [
> > - { action => 'ACCEPT', proto => 'tcp', dport => '2703' },
> > + { action => 'PVEFW-Accept', proto => 'tcp', dport => '2703' },
> > ],
>
> No, this is the wrong way to do it!
>
> This rules are emitted with ruleset_generate_rule, and you can pass $actions
> there to overwrite defaults.
The idea is the we pass a hash which defines the 'real' actions. For example:
ruleset_generate_rule($ruleset, $chain, $rule,
{ ACCEPT => "PVEFW-SET-ACCEPT-MARK", REJECT => "PVEFW-reject" });
So ACCEPT is replaced by PVEFW-SET-ACCEPT-MARK,
and REJECT is replaced by PVEFW-reject
More information about the pve-devel
mailing list