[pve-devel] firewall rules format

Alexandre DERUMIER aderumier at odiso.com
Fri May 16 17:56:41 CEST 2014


>>#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT 
>>IN ACCEPT(MACRO) net0 192.168.2.0 1.2.3.4 tcp 80 20 

>>This is hard to write/read because you need to remember the correct order. 

>>So I thought about using something like: 

>>in ACCEPT(MACRO) -i net0 -source 192.168.2.0 -dest 1.2.3.4 -p tcp -dport 80 -sport 20 

>>This is a bit harder to parse, but it is easy to add more options in future. 

>>What do you think? 


Yes, I agree, better to read indeed!

----- Original Message ----- 

From: "Dietmar Maurer" <dietmar at proxmox.com> 
To: "Alexandre DERUMIER (aderumier at odiso.com)" <aderumier at odiso.com> 
Cc: pve-devel at pve.proxmox.com 
Sent: Friday, 16 May 2014 17:44:52 
Subject: firewall rules format 



We currently use the following format for rules: 

#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT 
IN ACCEPT(MACRO) net0 192.168.2.0 1.2.3.4 tcp 80 20 

This is hard to write/read because you need to remember the correct order. 

So I thought about using something like: 

in ACCEPT(MACRO) -i net0 -source 192.168.2.0 -dest 1.2.3.4 -p tcp -dport 80 -sport 20 

This is a bit harder to parse, but it is easy to add more options in future. 

What do you think? 
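
The trade-off discussed in this thread, as an added example that is not part of the mail or of the Proxmox code base: a Python sketch that parses both the positional format and the proposed option format into the same rule, and fails closed on unknown, duplicated or value-less options. The function names, the "out" type and the validation rules are assumptions made for illustration.

```python
import ipaddress

# Column order of the current positional format, taken from the "#TYPE ..." header.
COLUMNS = ["type", "action", "iface", "source", "dest", "proto", "dport", "sport"]
# Option names from the proposed format, mapped to the same field names.
OPTIONS = {"-i": "iface", "-source": "source", "-dest": "dest",
           "-p": "proto", "-dport": "dport", "-sport": "sport"}

def _validate(rule):  # fail closed: reject anything not clearly well-formed
    if rule["type"] not in ("in", "out"):   # "out" is assumed; only IN/in appear in the mail
        raise ValueError(f"bad type {rule['type']!r}")
    for key in ("source", "dest"):
        if key in rule:
            ipaddress.ip_network(rule[key], strict=False)  # raises ValueError if malformed
    for key in ("dport", "sport"):
        if key in rule and not (rule[key].isdigit() and 0 < int(rule[key]) <= 65535):
            raise ValueError(f"bad {key} {rule[key]!r}")
    return rule

def parse_positional(line):
    fields = line.split()
    if not 2 <= len(fields) <= len(COLUMNS):
        raise ValueError("wrong number of columns")
    rule = dict(zip(COLUMNS, fields))       # meaning depends only on position
    rule["type"] = rule["type"].lower()
    return _validate(rule)

def parse_options(line):
    tokens = line.split()
    if len(tokens) < 2:
        raise ValueError("need at least type and action")
    rule = {"type": tokens[0].lower(), "action": tokens[1]}
    rest = tokens[2:]
    if len(rest) % 2:
        raise ValueError("option without a value")
    for opt, value in zip(rest[0::2], rest[1::2]):
        field = OPTIONS.get(opt)
        if field is None:                   # a typo must not silently widen the rule
            raise ValueError(f"unknown option {opt!r}")
        if field in rule:
            raise ValueError(f"duplicate option {opt!r}")
        if value.startswith("-"):
            raise ValueError(f"missing value for {opt!r}")
        rule[field] = value
    return _validate(rule)

# The two example lines from the mail.
OLD = "IN ACCEPT(MACRO) net0 192.168.2.0 1.2.3.4 tcp 80 20"
NEW = "in ACCEPT(MACRO) -i net0 -source 192.168.2.0 -dest 1.2.3.4 -p tcp -dport 80 -sport 20"
```

Rejecting a misspelled option matters more in the option format than in the positional one: a silently ignored `-source` would leave a rule that matches every source address.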


