[pve-devel] [PATCH] add ips feature v4

Alexandre DERUMIER aderumier at odiso.com
Wed Mar 19 13:50:24 CET 2014


>>The idea is that we pass a hash which defines the 'real' actions. For example: 

>>ruleset_generate_rule($ruleset, $chain, $rule, 
>>{ ACCEPT => "PVEFW-SET-ACCEPT-MARK", REJECT => "PVEFW-reject" }); 

>>So ACCEPT is replaced by PVEFW-SET-ACCEPT-MARK, 
>>and REJECT is replaced by PVEFW-reject 

Ok, got it. Thanks!

----- Original Message ----- 

From: "Dietmar Maurer" <dietmar at proxmox.com> 
To: "Alexandre Derumier" <aderumier at odiso.com>, pve-devel at pve.proxmox.com 
Sent: Wednesday, March 19, 2014 12:57:29 
Subject: RE: [pve-devel] [PATCH] add ips feature v4 

> > 'Razor' => [ 
> > - { action => 'ACCEPT', proto => 'tcp', dport => '2703' }, 
> > + { action => 'PVEFW-Accept', proto => 'tcp', dport => '2703' }, 
> > ], 
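
Review bot: the changed line in the 'Razor' entry puts the chain name 'PVEFW-Accept' directly into the macro's action field, which ties the macro definition to one specific target. Keep action => 'ACCEPT' in the macro and substitute the real target where the rule is emitted, through the actions hash passed to ruleset_generate_rule, so the macro table stays generic and the mapping lives in one place.
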
> 
> No, this is the wrong way to do it! 
> 
> These rules are emitted with ruleset_generate_rule, and you can pass $actions 
> there to overwrite defaults. 

The idea is that we pass a hash which defines the 'real' actions. For example: 

ruleset_generate_rule($ruleset, $chain, $rule, 
{ ACCEPT => "PVEFW-SET-ACCEPT-MARK", REJECT => "PVEFW-reject" }); 

So ACCEPT is replaced by PVEFW-SET-ACCEPT-MARK, 
and REJECT is replaced by PVEFW-reject 
