Re: [pve-devel] firewall rules format

2014-05-19 Thread Dietmar Maurer
Just committed this change
Yes, keep it simple
in ACCEPT(MACRO) -i net0 -source 192.168.2.0 -dest 1.2.3.4 -p tcp -dport 80 -sport 20
Ok, will go that way ;-)

Re: [pve-devel] firewall rules format

2014-05-17 Thread Dietmar Maurer
As long as it is unique. But for now I want to keep things simple. We just need to decide if we move from position based arguments to named arguments.
Yes, keep it simple
in ACCEPT(MACRO) -i net0 -source 192.168.2.0 -dest 1.2.3.4 -p tcp -dport 80 -sport 20
Ok, will go that way ;-)

[pve-devel] firewall rules format

2014-05-16 Thread Dietmar Maurer
We currently use the following format for rules:
#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
IN ACCEPT(MACRO) net0 192.168.2.0 1.2.3.4 tcp 80 20
This is hard to write/read because you need to remember the correct order. So I thought about using something like:
in ACCEPT(MACRO) -i net0

Re: [pve-devel] firewall rules format

2014-05-16 Thread Alexandre DERUMIER
#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
IN ACCEPT(MACRO) net0 192.168.2.0 1.2.3.4 tcp 80 20
This is hard to write/read because you need to remember the correct order. So I thought about using something like:
in ACCEPT(MACRO) -i net0 -source 192.168.2.0 -dest 1.2.3.4 -p tcp -dport 80

Re: [pve-devel] firewall rules format

2014-05-16 Thread Michael Rasmussen
On Fri, 16 May 2014 15:44:52 + Dietmar Maurer diet...@proxmox.com wrote:
We currently use the following format for rules:
#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
IN ACCEPT(MACRO) net0 192.168.2.0 1.2.3.4 tcp 80 20
This is hard to write/read because you need to remember the

Re: [pve-devel] firewall rules format

2014-05-16 Thread Dietmar Maurer
Why not stick to the iptables format?
in ACCEPT(MACRO) -i net0 -s 192.168.2.0 -d 1.2.3.4 -p tcp -dport 80 -sport 20
because we cannot provide full iptables functionality, and iptables format is really clumsy (for example multiport matches, ipsets, ...). But above syntax is basically iptables

Re: [pve-devel] firewall rules format

2014-05-16 Thread Dietmar Maurer
Why not stick to the iptables format?
in ACCEPT(MACRO) -i net0 -s 192.168.2.0 -d 1.2.3.4 -p tcp -dport 80 -sport 20
because we cannot provide full iptables functionality, and iptables format is really clumsy (for example multiport matches, ipsets, ...). For example, we want to write: -

Re: [pve-devel] firewall rules format

2014-05-16 Thread Dietmar Maurer
-Original Message- From: pve-devel [mailto:pve-devel-boun...@pve.proxmox.com] On Behalf Of Dietmar Maurer Sent: Friday, 16 May 2014 19:20 To: Michael Rasmussen; pve-devel@pve.proxmox.com Subject: Re: [pve-devel] firewall rules format
Why not stick to the iptables format

Re: [pve-devel] firewall rules format

2014-05-16 Thread Michael Rasmussen
On Fri, 16 May 2014 17:01:19 + Dietmar Maurer diet...@proxmox.com wrote:
because we cannot provide full iptables functionality, and iptables format is really clumsy (for example multiport matches, ipsets, ...).
True. But above syntax is basically iptables format, with some

Re: [pve-devel] firewall rules format

2014-05-16 Thread Dietmar Maurer
But above syntax is basically iptables format, with some simplifications ;-) Or what would you change exactly?
-source - -s -dest - -d
The getopt-long parser usually accepts several option formats, like: --source -source -s
As long as it is unique. But for now I want to keep things

Re: [pve-devel] firewall rules format

2014-05-16 Thread Michael Rasmussen
On Fri, 16 May 2014 17:50:22 + Dietmar Maurer diet...@proxmox.com wrote:
The getopt-long parser usually accepts several option formats, like: --source -source -s
As long as it is unique. But for now I want to keep things simple. We just need to decide if we move from position based

Re: [pve-devel] firewall rules format

2014-05-16 Thread Alexandre DERUMIER
original - From: Dietmar Maurer diet...@proxmox.com To: Michael Rasmussen m...@datanom.net, pve-devel@pve.proxmox.com Sent: Friday 16 May 2014 19:50:22 Subject: Re: [pve-devel] firewall rules format
But above syntax is basically iptables format, with some simplifications ;-) Or what would