From: Oguz Bektas <o.bektas@proxmox.com>
To: Dominik Csapak <d.csapak@proxmox.com>
Cc: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH v4 firewall 1/2] implement fail2ban backend and API
Date: Wed, 20 Oct 2021 14:11:16 +0200 [thread overview]
Message-ID: <YXAHZKkSs38FtP/G@gaia> (raw)
In-Reply-To: <39f67e0b-143e-93f6-fd96-7b208b86a3ae@proxmox.com>
On Tue, Oct 19, 2021 at 03:43:49PM +0200, Dominik Csapak wrote:
> while the code looks ok IMHO, i have some general questions:
> * does it really make sense to hard depend on fail2ban?
> could it not also make sense to have it as 'recommends' or 'suggests'?
> setting enabled to 1 could then check if its installed and
> raise an error
>
> * if we do not plan to add more fail2ban options in our config,
> i would rather see a combined fail2ban option (propertystring?)
> that would go into the general host firewall options
>
> that way we would not have to c&p the whole config parsing/setting api
> and could have a single new option line in the gui instead
> of a whole new panel with only 3 options (i think the majority of our
> users will not use fail2ban)
>
> does that make sense to you?
>
well if we hide it like that inside the menu, then surely nobody will
use it ;)
separate panel makes it more visible IMO. it shouldn't be hidden 3
layers deep in the options menu (Host -> Firewall -> Options -> Fail2ban
-> Enable) for such a simple feature, i think a lot more people would
use it if it's placed in a visible location (Host -> Fail2ban ->
Enable). if you really insist on putting it in the firewall options menu
then i'll have to insist for it to be installed & enabled by default :)
i didn't see any good reason to not have it installed and enabled with
sane defaults since it doesn't hurt anything IMHO... that's why i went
with hard dependency instead of 'recommends' or 'suggests'.
also i wanted to have a separate API endpoint which is why i didnt go for
adding it into the options section.
though we can still make it take a property string as option i suppose.
oguz
next prev parent reply other threads:[~2021-10-20 12:11 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-11 10:57 [pve-devel] [PATCH-SERIES manager firewall v4 0/2] fix #1065: implement fail2ban api and gui Oguz Bektas
2021-10-11 10:57 ` [pve-devel] [PATCH v4 firewall 1/2] implement fail2ban backend and API Oguz Bektas
2021-10-19 13:43 ` Dominik Csapak
2021-10-20 12:11 ` Oguz Bektas [this message]
2021-10-20 14:12 ` Thomas Lamprecht
2021-10-20 14:09 ` Thomas Lamprecht
2021-10-11 10:57 ` [pve-devel] [PATCH v4 manager 2/2] fix #1065: ui: fail2ban gui for nodes Oguz Bektas
2021-10-19 13:47 ` Dominik Csapak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YXAHZKkSs38FtP/G@gaia \
--to=o.bektas@proxmox.com \
--cc=d.csapak@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox