[pve-devel] idea: new section 'sysrules' inside vmid.fw

Dietmar Maurer dietmar at proxmox.com
Thu Sep 4 20:46:54 CEST 2014


I think we can make [sysrules] visible to the VM admin. To hide rules from VM admin,
one can put them into a group defined in cluster.fw

> I think others which are allowed to configure firewalls should be allowed to see
> the system firewall rules to prevent people from trying to debug not working
> rules due to there own rule set is overruled by the system rules.
> ******** comment:
> As far as I understood it is still possible if the administrator doesn´t use the new
> option "sysrules" - it depends of the hoster´s need. But now I have an idea for an
> additional option: "sysrules-readonly" (= the user can see but not change them)
> ******************




More information about the pve-devel mailing list