See comment below -----Original Message----- From: pve-devel [mailto:[email protected]] On Behalf Of Michael Rasmussen Sent: Donnerstag, 04. September 2014 20:10 To: [email protected] Subject: Re: [pve-devel] idea: new section 'sysrules' inside vmid.fw
On Thu, 4 Sep 2014 17:47:13 +0000 Dietmar Maurer <[email protected]> wrote: > Where all rules inside [sysrules] have higher priority than other > rules. Only System Admin can see/change those rules. > > good or bad idea? > I think others which are allowed to configure firewalls should be allowed to see the system firewall rules to prevent people from trying to debug not working rules due to there own rule set is overruled by the system rules. ******** comment: As far as I understood it is still possible if the administrator doesn´t use the new option "sysrules" - it depends of the hoster´s need. But now I have an idea for an additional option: "sysrules-readonly" (= the user can see but not change them) ****************** -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael <at> rasmussen <dot> cc http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E mir <at> datanom <dot> net http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C mir <at> miras <dot> org http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917 -------------------------------------------------------------- /usr/games/fortune -es says: If a thing's worth doing, it is worth doing badly. -- G. K. Chesterton _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
