Re: [pve-devel] [PATCH] add ips feature v4

Dietmar Maurer Wed, 19 Mar 2014 04:58:19 -0700

> >      'Razor' => [
> > -   { action => 'ACCEPT', proto => 'tcp', dport => '2703' },
> > +   { action => 'PVEFW-Accept', proto => 'tcp', dport => '2703' },
> >      ],
> 
> No, this is the wrong way to do it!
> 
> This rules are emitted with ruleset_generate_rule, and you can pass $actions
> there to overwrite defaults.


The idea is the we pass a hash which defines the 'real' actions. For example:

                ruleset_generate_rule($ruleset, $chain, $rule, 
                                      { ACCEPT => "PVEFW-SET-ACCEPT-MARK", 
REJECT => "PVEFW-reject" });

So ACCEPT is replaced by PVEFW-SET-ACCEPT-MARK,
and REJECT is replaced by PVEFW-reject



_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH] add ips feature v4

Reply via email to