From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Dominik Csapak <d.csapak@proxmox.com>,
Oguz Bektas <o.bektas@proxmox.com>
Subject: Re: [pve-devel] [PATCH v4 firewall 1/2] implement fail2ban backend and API
Date: Wed, 20 Oct 2021 16:09:02 +0200 [thread overview]
Message-ID: <80c2938f-049a-0f65-e269-aef6eb2bc85d@proxmox.com> (raw)
In-Reply-To: <39f67e0b-143e-93f6-fd96-7b208b86a3ae@proxmox.com>
On 19.10.21 15:43, Dominik Csapak wrote:
> while the code looks ok IMHO, i have some general questions:
> * does it really make sense to hard depend on fail2ban?
> could it not also make sense to have it as 'recommends' or 'suggests'?
> setting enabled to 1 could then check if its installed and
> raise an error
fwiw, it does not make sense to me to have a hard dependency here, as I pointed
out in pretty much every revision of this series, that and most other things (e.g.,
trying if we can simply generate the rules here ourself) where rather ignored so
after the third iteration I went "tit for tat" and ignored the whole thing..
>
> * if we do not plan to add more fail2ban options in our config,
> i would rather see a combined fail2ban option (propertystring?)
> that would go into the general host firewall options
>
> that way we would not have to c&p the whole config parsing/setting api
> and could have a single new option line in the gui instead
> of a whole new panel with only 3 options (i think the majority of our
> users will not use fail2ban)
would make much more sense, it's an simple option and bringing down UX by
crowding the interface for a simple an option that one sets one-time only
anyway seems not ideal to me..
next prev parent reply other threads:[~2021-10-20 14:09 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-11 10:57 [pve-devel] [PATCH-SERIES manager firewall v4 0/2] fix #1065: implement fail2ban api and gui Oguz Bektas
2021-10-11 10:57 ` [pve-devel] [PATCH v4 firewall 1/2] implement fail2ban backend and API Oguz Bektas
2021-10-19 13:43 ` Dominik Csapak
2021-10-20 12:11 ` Oguz Bektas
2021-10-20 14:12 ` Thomas Lamprecht
2021-10-20 14:09 ` Thomas Lamprecht [this message]
2021-10-11 10:57 ` [pve-devel] [PATCH v4 manager 2/2] fix #1065: ui: fail2ban gui for nodes Oguz Bektas
2021-10-19 13:47 ` Dominik Csapak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=80c2938f-049a-0f65-e269-aef6eb2bc85d@proxmox.com \
--to=t.lamprecht@proxmox.com \
--cc=d.csapak@proxmox.com \
--cc=o.bektas@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox