I think we can make [sysrules] visible to the VM admin. To hide rules from VM
admin,
one can put them into a group defined in cluster.fw
> I think others which are allowed to configure firewalls should be allowed to
> see
> the system firewall rules to prevent people from trying to debug not wor
See comment below
-Original Message-
From: pve-devel [mailto:pve-devel-boun...@pve.proxmox.com] On Behalf Of
Michael Rasmussen
Sent: Donnerstag, 04. September 2014 20:10
To: pve-devel@pve.proxmox.com
Subject: Re: [pve-devel] idea: new section 'sysrules' inside vmid.fw
On Thu,
On Thu, 4 Sep 2014 17:47:13 +
Dietmar Maurer wrote:
> Where all rules inside [sysrules] have higher priority than other rules. Only
> System Admin
> can see/change those rules.
>
> good or bad idea?
>
I think others which are allowed to configure firewalls should be
allowed to see the syst
ither essential nor important
-Original Message-
From: pve-devel [mailto:pve-devel-boun...@pve.proxmox.com] On Behalf Of
Dietmar Maurer
Sent: Donnerstag, 04. September 2014 19:47
To: pve-devel@pve.proxmox.com
Subject: [pve-devel] idea: new section 'sysrules' insi
inside /etc/pve/firewall/.fw
[sysrules]
group ...
IN ...
OUT ...
[rules]
...
-
Where all rules inside [sysrules] have higher priority than other rules. Only
System Admin
can see/change those rules.
good or bad idea?
