[pve-devel] firewall rules format
Dietmar Maurer
dietmar at proxmox.com
Fri May 16 19:20:06 CEST 2014
> > Why not stick to the iptables format?
> > in ACCEPT(MACRO) -i net0 -s 192.168.2.0 -d 1.2.3.4 -p tcp -dport 80
> > -sport 20
>
> beaucse we cannot provide full iptables functionality, and iptables format is
> really clumsy (for example multiport maches, ipsets, ...).
For example, we want to write:
- dport 80
- dport 135,139,445
instead of:
--dport 80
--match multiport --dports 135,139,445
More information about the pve-devel
mailing list