[pve-devel] PVE Firewall
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Mon Jun 16 09:21:34 CEST 2014
Am 13.06.2014 20:33, schrieb Dietmar Maurer:
>> i would like to have different levels of firewall. Something the USER / VM Owner
>> can control and something the PVE Manage / Sysadmin can control.
>>
>> So i can give the user the ability to use the new cool firewall code but i can still
>> be shure that he doesn't use a DHCP Server, didn't disable the MAC filter and
>> doesn't fake IP adresses.
>>
>> Is this something we can archieve?
>>
>> May be some kind of "global" rules inside the cluster.fw? Which the user can't
>> touch?
>
> Maybe we can use the current permission system, and require special privileges
> to enable/disable those feature (firewall, macfilter).
That sounds great!
> We can also add an option to set default security groups:
>
> ---1000.fw---
> [options]
> groups: group1,group2,group3
> ...
> -------------
>
> Those groups are added before any other rule, and needs special privileges to set/modify.
>
> ?
That sounds great too ;-)
Still need to figure out why the firewall does not work for me at all.
Greets,
Stefan
More information about the pve-devel
mailing list