[pve-devel] making the firewall more robust?
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Tue Nov 29 10:48:02 CET 2016
On 29.11.2016 at 10:29, Dietmar Maurer wrote:
>> So it seems that the whole firewall breaks if there is somewhere
>> something wrong.
>>
>> I think especially for the firewall it's important to just skip that
>> line but process all other values.
>
> That is how it should work. If there is a bug, we need to fix it. So
> the first question is how to trigger that bug?
# cat 120.fw
[OPTIONS]
policy_in: DROP
log_level_in: nolog
enable: 1
[IPSET letsencrypt]
0.0.0.0/0 # All IP
all_ips
[RULES]
|IN ACCEPT -i net1 -source 0.0.0.0/0 -p tcp -dport 3333 # netcat test
IN ACCEPT -i net1 -source 0.0.0.0/0 -p tcp -dport 80,443 # From all IP
to Port 80 and 443
GROUP ph_default_group -i net1
Stefan
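
The "skip that line but process all other values" behaviour discussed above, sketched as an added example; this is not code from the post or from pve-firewall. It parses a constructed, simplified copy of the 120.fw file. Assumptions: the parser and its names are hypothetical, and the `all_ips` entry is treated as the invalid line because the sample defines no alias of that name (the post does not say which line triggers the bug).

```python
import ipaddress
import re

# Constructed sample, simplified from the 120.fw file in the post.
SAMPLE = """\
[OPTIONS]
policy_in: DROP
enable: 1
[IPSET letsencrypt]
0.0.0.0/0 # All IP
all_ips
[RULES]
IN ACCEPT -i net1 -source 0.0.0.0/0 -p tcp -dport 80,443 # From all IP
GROUP ph_default_group -i net1
"""

SECTION = re.compile(r"^\[(\w+)(?:\s+(\S+))?\]$")
RULE = re.compile(r"^(IN|OUT|GROUP)\s+\S+")  # hypothetical, minimal rule check

def parse_fw(text):
    """Parse line by line; a bad line is recorded and skipped, never fatal."""
    conf = {"options": {}, "ipsets": {}, "rules": []}
    errors = []
    section, name = None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, name = m.group(1).upper(), m.group(2)
            if section == "IPSET":
                conf["ipsets"].setdefault(name, [])
            continue
        try:
            if section == "OPTIONS":
                key, value = line.split(":", 1)  # ValueError if no colon
                conf["options"][key.strip()] = value.strip()
            elif section == "IPSET":
                # Assumption: entries must be CIDR networks (no aliases defined).
                conf["ipsets"][name].append(str(ipaddress.ip_network(line)))
            elif section == "RULES" and RULE.match(line):
                conf["rules"].append(line)
            else:
                raise ValueError("unrecognised line")
        except ValueError as err:
            # Contain the failure to this one line and keep going.
            errors.append((lineno, raw.strip(), str(err)))
    return conf, errors
```

The returned error list is what an operator would want logged, so that a skipped entry is visible rather than silently dropped.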