[pve-devel] [PATCH] add aliases feature

Alexandre DERUMIER aderumier at odiso.com
Tue Apr 22 17:40:44 CEST 2014


>> maybe for ipset too ? (ipset defined at vm level ) 
>>
>>yes. 

How do you want to manage rules ?

example:

cluster.fw
-----------
[ipset myipset] (generate ipset PVEFW-myipset)
...
vmid.fw

[ipset myipset]  (generate ipset VMID-myipset)

[RULES]
OUT ACCEPT net0 +myipset

(do we look in VMID-myipset first, then if not exist PVEFW-myipset) ?


or 

[RULES]
OUT ACCEPT net0 +VMID-myipset
OUT ACCEPT net0 +PVEFW-myipset





----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Mardi 22 Avril 2014 09:40:21 
Objet: RE: [pve-devel] [PATCH] add aliases feature 

> >> Also, wouldn’t it be good to define aliases at VM level (100.fw)? 
> >> 
> >>But this would be a good addition? 
> 
> Yes,it could be usefull. (multiple vm rules with same alias) 
> 
> maybe for ipset too ? (ipset defined at vm level ) 

yes. 



More information about the pve-devel mailing list