[pve-devel] idea: new section 'sysrules' inside vmid.fw

2014-09-04 Thread Dietmar Maurer
inside /etc/pve/firewall/vmid.fw

[sysrules]
group ...
IN ...
OUT ...

[rules]
...

- Where all rules inside [sysrules] have higher priority than other rules. Only System Admin can see/change those rules. good or bad idea?

Re: [pve-devel] idea: new section 'sysrules' inside vmid.fw

2014-09-04 Thread Friedrich Ramberger
-Original Message-
From: pve-devel [mailto:pve-devel-boun...@pve.proxmox.com] On Behalf Of Dietmar Maurer
Sent: Donnerstag, 04. September 2014 19:47
To: pve-devel@pve.proxmox.com
Subject: [pve-devel] idea: new section 'sysrules' inside vmid.fw

inside /etc/pve/firewall/vmid.fw

Re: [pve-devel] idea: new section 'sysrules' inside vmid.fw

2014-09-04 Thread Michael Rasmussen
On Thu, 4 Sep 2014 17:47:13 + Dietmar Maurer diet...@proxmox.com wrote:
Where all rules inside [sysrules] have higher priority than other rules. Only System Admin can see/change those rules. good or bad idea?

I think others which are allowed to configure firewalls should be allowed

Re: [pve-devel] idea: new section 'sysrules' inside vmid.fw

2014-09-04 Thread Friedrich Ramberger
See comment below

-Original Message-
From: pve-devel [mailto:pve-devel-boun...@pve.proxmox.com] On Behalf Of Michael Rasmussen
Sent: Donnerstag, 04. September 2014 20:10
To: pve-devel@pve.proxmox.com
Subject: Re: [pve-devel] idea: new section 'sysrules' inside vmid.fw

On Thu, 4 Sep 2014

Re: [pve-devel] idea: new section 'sysrules' inside vmid.fw

2014-09-04 Thread Dietmar Maurer
I think we can make [sysrules] visible to the VM admin. To hide rules from VM admin, one can put them into a group defined in cluster.fw

I think others which are allowed to configure firewalls should be allowed to see the system firewall rules to prevent people from trying to debug not