I still have problems with the security group design, for example:

--100.fw-
[IN]
GROUP-group1 net0
GROUP-group2 net0

[OUT]
GROUP-group2 net0
GROUP-group1 net0
-----

Note: group order is different between IN and OUT

--100.fw-
[IN]
GROUP-group1 net0 1.2.3.4
-----

Note: we only jump to group if source == 1.2.3.4? Do we want such functionality?

Another example:

--100.fw-
[IN]
GROUP-group1 net0
GROUP-group2 net0

[OUT]
GROUP-group1 net3
GROUP-group2 net0
-----

Note: Usage of 'net3' instead of 'net0' is a typo? Or do we want to allow that?

We could avoid all those problems by introducing a [GROUPS] section:

--100.fw-
[GROUPS]
group1 net0
group2 net0

[IN]

[OUT]
-----

What do you think?
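
The three ambiguities raised in the message above can be detected mechanically. The following is an added example, not part of the original message and not Proxmox code: a small checker for per-direction GROUP- lines. The function names, the finding labels, and the reading of any field after the interface as an extra match condition are assumptions made for illustration.

```python
import re

# Constructed samples: the three configurations quoted in the message above.
SAMPLES = {
    "order": "[IN]\nGROUP-group1 net0\nGROUP-group2 net0\n[OUT]\nGROUP-group2 net0\nGROUP-group1 net0\n",
    "source": "[IN]\nGROUP-group1 net0 1.2.3.4\n",
    "iface": "[IN]\nGROUP-group1 net0\nGROUP-group2 net0\n[OUT]\nGROUP-group1 net3\nGROUP-group2 net0\n",
}

def parse_fw(text):
    """Return {section: [(group, iface, extra_fields), ...]} for GROUP- lines."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).upper(), [])
        elif current is not None and line.startswith("GROUP-"):
            fields = line.split()
            iface = fields[1] if len(fields) > 1 else None
            current.append((fields[0][len("GROUP-"):], iface, fields[2:]))
    return sections

def check_groups(text):
    """Return (kind, detail) findings for the three ambiguities in the message."""
    parsed = parse_fw(text)
    rules_in, rules_out = parsed.get("IN", []), parsed.get("OUT", [])
    findings = []
    order_in = [g for g, _, _ in rules_in]
    order_out = [g for g, _, _ in rules_out]
    # Same groups referenced in both directions, but evaluated in a different order.
    if sorted(order_in) == sorted(order_out) and order_in != order_out:
        findings.append(("order", "IN %s vs OUT %s" % (order_in, order_out)))
    # Assumption: any field after the interface narrows when the group is entered.
    for direction, rules in (("IN", rules_in), ("OUT", rules_out)):
        for group, _, extra in rules:
            if extra:
                findings.append(("match", "%s %s only for %s" % (direction, group, " ".join(extra))))
    # Same group bound to different interfaces in IN and OUT (possible typo).
    iface_in = {g: i for g, i, _ in rules_in}
    for group, iface, _ in rules_out:
        if group in iface_in and iface_in[group] != iface:
            findings.append(("iface", "%s: IN %s, OUT %s" % (group, iface_in[group], iface)))
    return findings

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, check_groups(text))
```

With a single [GROUPS] section as proposed in the message, none of these three findings can occur, because each group is bound to an interface exactly once.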