[pve-devel] firewall rules format
Alexandre DERUMIER
aderumier at odiso.com
Fri May 16 17:56:41 CEST 2014
>>#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
>>IN ACCEPT(MACRO) net0 192.168.2.0 1.2.3.4 tcp 80 20
>>This is hard to write/read because you need to remember the correct order.
>>So I thought about using something like:
>>in ACCEPT(MACRO) -i net0 -source 192.168.2.0 -dest 1.2.3.4 -p tcp -dport 80 -sport 20
>>This is a bit harder to parse, but it is easy to add more options in future.
>>What do you think?
Yes, I agree, better to read indeed!
----- Original Message -----
From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER (aderumier at odiso.com)" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Sent: Friday 16 May 2014 17:44:52
Subject: firewall rules format
We currently use the following format for rules:
#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
IN ACCEPT(MACRO) net0 192.168.2.0 1.2.3.4 tcp 80 20
This is hard to write/read because you need to remember the correct order.
So I thought about using something like:
in ACCEPT(MACRO) -i net0 -source 192.168.2.0 -dest 1.2.3.4 -p tcp -dport 80 -sport 20
This is a bit harder to parse, but it is easy to add more options in future.
What do you think?
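Added example (not from the thread and not Proxmox code): Python parsers for the two rule formats discussed above, showing that both yield the same rule and that the option form can reject unknown or duplicate options. The validation checks, the OUT type, single-port values and optional trailing columns are assumptions.

```python
import ipaddress
import re

# Column order of the positional format and the option names of the proposed
# format, both taken from the thread.
COLUMNS = ["type", "action", "iface", "source", "dest", "proto", "dport", "sport"]
OPTIONS = {"-i": "iface", "-source": "source", "-dest": "dest",
           "-p": "proto", "-dport": "dport", "-sport": "sport"}

def validate(rule):
    """Assumed checks (not from the thread): fail closed on any odd value."""
    rule["type"] = rule["type"].upper()
    if rule["type"] not in ("IN", "OUT"):  # OUT is assumed; the thread shows IN only
        raise ValueError(f"bad type: {rule['type']}")
    if not re.fullmatch(r"\w+(\(\w+\))?", rule["action"]):
        raise ValueError(f"bad action: {rule['action']}")
    for key in ("source", "dest"):
        if key in rule:
            ipaddress.ip_network(rule[key], strict=False)  # ValueError if not an address
    for key in ("dport", "sport"):
        if key in rule and not 1 <= int(rule[key]) <= 65535:  # single ports only
            raise ValueError(f"bad {key}: {rule[key]}")
    return rule

def parse_positional(line):
    """Current format: meaning depends only on column position."""
    fields = line.split()
    if not 2 <= len(fields) <= len(COLUMNS):  # trailing columns optional (assumed)
        raise ValueError("expected 2 to 8 columns")
    return validate(dict(zip(COLUMNS, fields)))

def parse_options(line):
    """Proposed format: TYPE ACTION, then option/value pairs in any order."""
    tokens = line.split()
    if len(tokens) < 2 or len(tokens) % 2:
        raise ValueError("expected TYPE ACTION and complete option/value pairs")
    rule = {"type": tokens[0], "action": tokens[1]}
    for opt, value in zip(tokens[2::2], tokens[3::2]):
        if opt not in OPTIONS:
            raise ValueError(f"unknown option: {opt}")
        if OPTIONS[opt] in rule:
            raise ValueError(f"duplicate option: {opt}")
        rule[OPTIONS[opt]] = value
    return validate(rule)

# The two example lines from the thread.
OLD = "IN ACCEPT(MACRO) net0 192.168.2.0 1.2.3.4 tcp 80 20"
NEW = "in ACCEPT(MACRO) -i net0 -source 192.168.2.0 -dest 1.2.3.4 -p tcp -dport 80 -sport 20"
if __name__ == "__main__":
    print(parse_positional(OLD) == parse_options(NEW))
```

Swapping two columns of the same kind in the positional form (D-PORT and S-PORT, for instance) still parses, which is the ordering problem the mail describes; the option form names each value, so order no longer matters.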