[pve-devel] [PATCH v4 firewall 1/2] implement fail2ban backend and API
Thomas Lamprecht
t.lamprecht at proxmox.com
Wed Oct 20 16:12:33 CEST 2021
On 20.10.21 14:11, Oguz Bektas wrote:
> On Tue, Oct 19, 2021 at 03:43:49PM +0200, Dominik Csapak wrote:
>> while the code looks ok IMHO, i have some general questions:
>> * does it really make sense to hard depend on fail2ban?
>> could it not also make sense to have it as 'recommends' or 'suggests'?
>> setting enabled to 1 could then check if its installed and
>> raise an error
>>
>> * if we do not plan to add more fail2ban options in our config,
>> i would rather see a combined fail2ban option (propertystring?)
>> that would go into the general host firewall options
>>
>> that way we would not have to c&p the whole config parsing/setting api
>> and could have a single new option line in the gui instead
>> of a whole new panel with only 3 options (i think the majority of our
>> users will not use fail2ban)
>
>>
>> does that make sense to you?
>>
>
> well if we hide it like that inside the menu, then surely nobody will
> use it ;)
>
> separate panel makes it more visible IMO. it shouldn't be hidden 3
> layers deep in the options menu (Host -> Firewall -> Options -> Fail2ban
> -> Enable) for such a simple feature, i think a lot more people would
> use it if it's placed in a visible location (Host -> Fail2ban ->
> Enable). if you really insist on putting it in the firewall options menu
> then i'll have to insist for it to be installed & enabled by default :)
With that arguing every option would need to be its own panel placed at the
top-level.. PVE's interface is complex as is, sensible grouping simple one time
option actually helps in UX and to find stuff, documentation can ensure features
are found, they provide a central searchable place for that, after all.
More information about the pve-devel
mailing list