[pve-devel] idea: new section 'sysrules' inside vmid.fw

Friedrich Ramberger comfrit at aon.at
Thu Sep 4 20:17:30 CEST 2014


See comment below 

-----Original Message-----
From: pve-devel [mailto:pve-devel-bounces at pve.proxmox.com] On Behalf Of
Michael Rasmussen
Sent: Thursday, 04 September 2014 20:10
To: pve-devel at pve.proxmox.com
Subject: Re: [pve-devel] idea: new section 'sysrules' inside vmid.fw

On Thu, 4 Sep 2014 17:47:13 +0000
Dietmar Maurer <dietmar at proxmox.com> wrote:

> Where all rules inside [sysrules] have higher priority than other 
> rules. Only System Admin can see/change those rules.
> 
> good or bad idea?
> 
I think others which are allowed to configure firewalls should be allowed to
see the system firewall rules to prevent people from trying to debug not
working rules due to their own rule set being overruled by the system rules.
******** comment:
As far as I understood it is still possible if the administrator doesn't use
the new option "sysrules" - it depends on the hoster's need. But now I have
an idea for an additional option: "sysrules-readonly" (= the user can see
but not change them)
******************

--
Hilsen/Regards
Michael Rasmussen

Get my public GnuPG keys:
michael <at> rasmussen <dot> cc
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
mir <at> datanom <dot> net
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
mir <at> miras <dot> org
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
--------------------------------------------------------------
/usr/games/fortune -es says:
If a thing's worth doing, it is worth doing badly.
		-- G. K. Chesterton



