Re: [pve-devel] idea: new section 'sysrules' inside vmid.fw

2014-09-04 Thread Friedrich Ramberger
A good one - I guess the rules (without sys) are userrules then (= managed by user-permission level) - maybe we can use this term in the config-file too (in order to make it more transparent) like [userrules]. But, of course, which term to use is neither essential nor important

Re: [pve-devel] idea: new section 'sysrules' inside vmid.fw

2014-09-04 Thread Michael Rasmussen
On Thu, 4 Sep 2014 17:47:13 + Dietmar Maurer diet...@proxmox.com wrote: Where all rules inside [sysrules] have higher priority than other rules. Only System Admin can see/change those rules. good or bad idea? I think others which are allowed to configure firewalls should be allowed

Re: [pve-devel] idea: new section 'sysrules' inside vmid.fw

2014-09-04 Thread Friedrich Ramberger
See comment below -Original Message- From: pve-devel [mailto:pve-devel-boun...@pve.proxmox.com] On Behalf Of Michael Rasmussen Sent: Donnerstag, 04. September 2014 20:10 To: pve-devel@pve.proxmox.com Subject: Re: [pve-devel] idea: new section 'sysrules' inside vmid.fw On Thu, 4 Sep 2014

Re: [pve-devel] idea: new section 'sysrules' inside vmid.fw

2014-09-04 Thread Dietmar Maurer
I think we can make [sysrules] visible to the VM admin. To hide rules from VM admin, one can put them into a group defined in cluster.fw I think others which are allowed to configure firewalls should be allowed to see the system firewall rules to prevent people from trying to debug not