Just committed this change
Yes, keep it simple
in ACCEPT(MACRO) -i net0 -source 192.168.2.0 -dest 1.2.3.4 -p tcp
-dport 80 -sport 20
Ok, will go that way ;-)
___
pve-devel mailing list
pve-devel@pve.proxmox.com
As long as it is unique. But for now I want to keep things simple. We
just need to decide if we move from position based arguments to named
arguments.
Yes, keep it simple
in ACCEPT(MACRO) -i net0 -source 192.168.2.0 -dest 1.2.3.4 -p tcp -dport 80 -sport 20
Ok, will go that way ;-)
We currently use the following format for rules:
#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
IN ACCEPT(MACRO) net0 192.168.2.0 1.2.3.4 tcp 80 20
This is hard to write/read because you need to remember the correct order.
So I thought about using something like:
in ACCEPT(MACRO) -i net0
#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
IN ACCEPT(MACRO) net0 192.168.2.0 1.2.3.4 tcp 80 20
This is hard to write/read because you need to remember the correct order.
So I thought about using something like:
in ACCEPT(MACRO) -i net0 -source 192.168.2.0 -dest 1.2.3.4 -p tcp -dport 80
On Fri, 16 May 2014 15:44:52 +
Dietmar Maurer diet...@proxmox.com wrote:
We currently use the following format for rules:
#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
IN ACCEPT(MACRO) net0 192.168.2.0 1.2.3.4 tcp 80 20
This is hard to write/read because you need to remember the
Why not stick to the iptables format?
in ACCEPT(MACRO) -i net0 -s 192.168.2.0 -d 1.2.3.4 -p tcp -dport 80 -sport 20
because we cannot provide full iptables functionality, and iptables format
is really clumsy (for example multiport matches, ipsets, ...).
But above syntax is basically iptables
Why not stick to the iptables format?
in ACCEPT(MACRO) -i net0 -s 192.168.2.0 -d 1.2.3.4 -p tcp -dport 80
-sport 20
because we cannot provide full iptables functionality, and iptables format is
really clumsy (for example multiport matches, ipsets, ...).
For example, we want to write:
-
-Original Message-
From: pve-devel [mailto:pve-devel-boun...@pve.proxmox.com] On Behalf Of
Dietmar Maurer
Sent: Friday, 16 May 2014 19:20
To: Michael Rasmussen; pve-devel@pve.proxmox.com
Subject: Re: [pve-devel] firewall rules format
Why not stick to the iptables format
On Fri, 16 May 2014 17:01:19 +
Dietmar Maurer diet...@proxmox.com wrote:
because we cannot provide full iptables functionality, and iptables format
is really clumsy (for example multiport matches, ipsets, ...).
True.
But above syntax is basically iptables format, with some
But above syntax is basically iptables format, with some
simplifications ;-) Or what would you change exactly?
-source - -s
-dest - -d
The getopt-long parser usually accepts several option formats, like:
--source
-source
-s
As long as it is unique. But for now I want to keep things
On Fri, 16 May 2014 17:50:22 +
Dietmar Maurer diet...@proxmox.com wrote:
The getopt-long parser usually accepts several option formats, like:
--source
-source
-s
As long as it is unique. But for now I want to keep things simple. We just
need to
decide if we move from position based
original -
From: Dietmar Maurer diet...@proxmox.com
To: Michael Rasmussen m...@datanom.net, pve-devel@pve.proxmox.com
Sent: Friday 16 May 2014 19:50:22
Subject: Re: [pve-devel] firewall rules format
But above syntax is basically iptables format, with some
simplifications ;-) Or what would