[pve-devel] firewall rules format

Michael Rasmussen mir at datanom.net
Fri May 16 18:02:36 CEST 2014


On Fri, 16 May 2014 15:44:52 +0000
Dietmar Maurer <dietmar at proxmox.com> wrote:

> We currently use the following format for rules:
> 
> #TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
> IN ACCEPT(MACRO) net0 192.168.2.0 1.2.3.4 tcp 80 20
> 
> This is hard to write/read because you need to remember the correct order.
> 
> So I thought about using something like:
> 
> in ACCEPT(MACRO) -i net0 -source 192.168.2.0 -dest 1.2.3.4 -p tcp -dport 80 -sport 20
> 
> This is a bit harder to parse, but it is easy to add more options in future.
> 
> What do you think?
> 
Why not stick to the iptables format?
in ACCEPT(MACRO) -i net0 -s 192.168.2.0 -d 1.2.3.4 -p tcp -dport 80 -sport 20

-- 
Hilsen/Regards
Michael Rasmussen

Get my public GnuPG keys:
michael <at> rasmussen <dot> cc
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
mir <at> datanom <dot> net
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
mir <at> miras <dot> org
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
--------------------------------------------------------------
/usr/games/fortune -es says:
Dime is money.
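The thread weighs a positional rule line against an option-style one. The option form is "a bit harder to parse", and the part that matters for a firewall is that the parser must fail closed: an unknown option, a duplicated option, a missing value or a port on a protocol that has none must reject the whole rule rather than silently produce a looser rule than the administrator wrote. The following is an added example, not code from pve-firewall or from either poster; it is written in Python rather than the project's Perl, and the option names (-i/-iface, -s/-source, -d/-dest, -p, -dport, -sport), the accepted actions and protocols, and the sample rule lines are assumptions taken from or modelled on the messages above. It parses both the positional layout and the option layout into the same normalised dictionary so the two can be compared.

```python
import ipaddress
import re

DIRECTIONS = {"IN", "OUT"}
ACTIONS = {"ACCEPT", "DROP", "REJECT"}
PROTOS = {"tcp", "udp", "icmp"}

# Option spellings from the thread (both the long and the iptables-style short
# forms), mapped to one canonical field name. Anything else is rejected.
OPTIONS = {
    "-i": "iface", "-iface": "iface",
    "-s": "source", "-source": "source",
    "-d": "dest", "-dest": "dest",
    "-p": "proto",
    "-dport": "dport", "-sport": "sport",
}

# Field order of the positional format: TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
POSITIONAL = ["iface", "source", "dest", "proto", "dport", "sport"]

# ACTION or ACTION(MACRO); macro names are restricted to a safe identifier charset.
ACTION_RE = re.compile(r"^([A-Z]+)(?:\(([A-Za-z0-9_-]+)\))?$")


class RuleError(ValueError):
    """Raised for any rule line that must not be loaded."""


def _parse_head(tokens):
    """Common prefix of both formats: TYPE and ACTION[(MACRO)]."""
    if len(tokens) < 2:
        raise RuleError("need at least TYPE and ACTION")
    direction = tokens[0].upper()           # thread uses both 'IN' and 'in'
    if direction not in DIRECTIONS:
        raise RuleError(f"bad rule type {tokens[0]!r}")
    m = ACTION_RE.match(tokens[1])
    if not m or m.group(1) not in ACTIONS:
        raise RuleError(f"bad action {tokens[1]!r}")
    return {"type": direction, "action": m.group(1), "macro": m.group(2)}


def validate(rule):
    """Normalise and sanity-check field values; reject anything inconsistent."""
    for key in ("source", "dest"):
        if key in rule:
            # ip_network raises ValueError on junk; a bare host becomes a /32
            rule[key] = str(ipaddress.ip_network(rule[key], strict=False))
    proto = rule.get("proto")
    if proto is not None and proto not in PROTOS:
        raise RuleError(f"unknown protocol {proto!r}")
    for key in ("dport", "sport"):
        if key in rule:
            port = int(rule[key])               # ValueError on non-numeric
            if not 1 <= port <= 65535:
                raise RuleError(f"port {port} out of range")
            if proto not in ("tcp", "udp"):
                raise RuleError(f"{key} given but protocol is not tcp/udp")
            rule[key] = port
    return rule


def parse_positional(line):
    """Parse the current fixed-order format: IN ACCEPT(MACRO) net0 src dst tcp 80 20"""
    tokens = line.split()
    rule = _parse_head(tokens)
    values = tokens[2:]
    if len(values) > len(POSITIONAL):
        raise RuleError("too many positional fields")
    rule.update(zip(POSITIONAL, values))    # trailing fields may be omitted
    return validate(rule)


def parse_options(line):
    """Parse the proposed option format: in ACCEPT(MACRO) -i net0 -s src -d dst -p tcp -dport 80"""
    tokens = line.split()
    rule = _parse_head(tokens)
    rest = tokens[2:]
    i = 0
    while i < len(rest):
        opt = rest[i]
        if opt not in OPTIONS:
            raise RuleError(f"unknown option {opt!r}")   # fail closed, do not skip
        if i + 1 >= len(rest):
            raise RuleError(f"option {opt!r} needs a value")
        key = OPTIONS[opt]
        if key in rule:
            raise RuleError(f"option for {key!r} given twice")
        rule[key] = rest[i + 1]
        i += 2
    return validate(rule)


if __name__ == "__main__":
    # Constructed sample lines, taken from the two formats discussed in the thread.
    print(parse_positional("IN ACCEPT(MACRO) net0 192.168.2.0 1.2.3.4 tcp 80 20"))
    print(parse_options("in ACCEPT(MACRO) -i net0 -s 192.168.2.0 -d 1.2.3.4 -p tcp -dport 80 -sport 20"))
```

Both parsers feed the same `validate`, so the decision of what a rule may contain lives in one place regardless of which syntax wins; the option parser additionally treats an unrecognised or repeated option as an error instead of ignoring it, which is the property to keep if new options are added later.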