[pve-devel] idea: new section 'sysrules' inside vmid.fw
Michael Rasmussen
mir at datanom.net
Thu Sep 4 20:10:00 CEST 2014
On Thu, 4 Sep 2014 17:47:13 +0000
Dietmar Maurer <dietmar at proxmox.com> wrote:
> Where all rules inside [sysrules] have higher priority than other rules. Only System Admin
> can see/change those rules.
>
> good or bad idea?
>
I think others which are allowed to configure firewalls should be
allowed to see the system firewall rules to prevent people from trying
to debug not working rules due to there own rule set is overruled by
the system rules.
--
Hilsen/Regards
Michael Rasmussen
Get my public GnuPG keys:
michael <at> rasmussen <dot> cc
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
mir <at> datanom <dot> net
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
mir <at> miras <dot> org
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
--------------------------------------------------------------
/usr/games/fortune -es says:
If a thing's worth doing, it is worth doing badly.
-- G. K. Chesterton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20140904/b412c3c6/attachment.sig>
More information about the pve-devel
mailing list