On Fri, 16 May 2014 15:44:52 +0000 Dietmar Maurer <diet...@proxmox.com> wrote:
> We currently use the following format for rules: > > #TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT > IN ACCEPT(MACRO) net0 192.168.2.0 1.2.3.4 tcp 80 20 > > This hard to write/read because you need to remember the correct order. > > So I thought about using something like: > > in ACCEPT(MACRO) -i net0 -source 192.168.2.0 -dest 1.2.3.4 -p tcp -dport 80 > -sport 20 > > This is a bit harder to parse, but it is easy to add more options in future. > > What do you think? > Why not stick to the iptables format? in ACCEPT(MACRO) -i net0 -s 192.168.2.0 -d 1.2.3.4 -p tcp -dport 80 -sport 20 -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael <at> rasmussen <dot> cc http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E mir <at> datanom <dot> net http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C mir <at> miras <dot> org http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917 -------------------------------------------------------------- /usr/games/fortune -es says: Dime is money.
signature.asc
Description: PGP signature
_______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel