[pve-devel] firewall rules format

Dietmar Maurer dietmar at proxmox.com
Fri May 16 19:01:19 CEST 2014


> Why not stick to the iptables format?
> in ACCEPT(MACRO) -i net0 -s 192.168.2.0 -d 1.2.3.4 -p tcp -dport 80 -sport 20

beaucse we cannot provide full iptables functionality, and iptables format
is really clumsy (for example multiport maches, ipsets, ...).

But above syntax is basically iptables format, with some simplifications ;-) 
Or what would you change exactly?





More information about the pve-devel mailing list