>> maybe for ipset too ? (ipset defined at vm level ) >> >>yes.
How do you want to manage rules ? example: cluster.fw ----------- [ipset myipset] (generate ipset PVEFW-myipset) ... vmid.fw [ipset myipset] (generate ipset VMID-myipset) [RULES] OUT ACCEPT net0 +myipset (do we look in VMID-myipset first, then if not exist PVEFW-myipset) ? or [RULES] OUT ACCEPT net0 +VMID-myipset OUT ACCEPT net0 +PVEFW-myipset ----- Mail original ----- De: "Dietmar Maurer" <[email protected]> À: "Alexandre DERUMIER" <[email protected]> Cc: [email protected] Envoyé: Mardi 22 Avril 2014 09:40:21 Objet: RE: [pve-devel] [PATCH] add aliases feature > >> Also, wouldn’t it be good to define aliases at VM level (100.fw)? > >> > >>But this would be a good addition? > > Yes,it could be usefull. (multiple vm rules with same alias) > > maybe for ipset too ? (ipset defined at vm level ) yes. _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
