>>no, I thought we only lookup ipsets in the corresponding file. so cluster.fw rules ->ipset from cluster.fw
and vmid.fw rules ->ipset from vm.rules ? I think it's ok, we can defined an ipset in a group rule and assign the the group in vm.rules But for aliases, I would like to be able to use aliases from cluster.fw in vmid.conf ----- Mail original ----- De: "Dietmar Maurer" <[email protected]> À: "Alexandre DERUMIER" <[email protected]> Cc: [email protected] Envoyé: Mardi 22 Avril 2014 18:53:30 Objet: RE: [pve-devel] [PATCH] add aliases feature > How do you want to manage rules ? > > example: > > cluster.fw > ----------- > [ipset myipset] (generate ipset PVEFW-myipset) ... > vmid.fw > > [ipset myipset] (generate ipset VMID-myipset) > > [RULES] > OUT ACCEPT net0 +myipset > > (do we look in VMID-myipset first, then if not exist PVEFW-myipset) ? no, I thought we only lookup ipsets in the corresponding file. _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
