[pve-devel] Firewalling Proxmox with Shorewall

Loiseleur Michel michel at loiseleur.com
Mon Aug 20 22:32:01 CEST 2012


Hi,

On 17/08/2012 09:58, Dietmar Maurer wrote:
>>> I guess we need two different rules files. One for the VMs (this is
>>> implemented), and one per node (or cluster wide).
>>>
>>> The node wide rules files can have normal shorewall syntax, and we can
>>> allow to use zone variables like $VMBR0_VM100. That file can only be
>>> edited by admin, so we can basically allow all shorewall features
>>> there (DNAT, SNAT, ...)
>>
>> I agree with you, we need a node-wide rules file. When I tested, the GUI was not
>> accessible and I knew that my ssh wouldn't be able to reconnect.
> Maybe we can add some default rules to allow ssh, https traffic?

Sure.

I'm on my way to implementing basic support for this host-wide file. For
now, I think I'll put default rules in the example file.

Regards,
-- 
Michel Loiseleur


