I think we can make [sysrules] visible to the VM admin. To hide rules from VM admin, one can put them into a group defined in cluster.fw
> I think others which are allowed to configure firewalls should be allowed to > see > the system firewall rules to prevent people from trying to debug not working > rules due to there own rule set is overruled by the system rules. > ******** comment: > As far as I understood it is still possible if the administrator doesn´t use > the new > option "sysrules" - it depends of the hoster´s need. But now I have an idea > for an > additional option: "sysrules-readonly" (= the user can see but not change > them) > ****************** _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel