[pve-devel] pve-firewall : src/dest rules with ip list, give 2 rules
Alexandre DERUMIER
aderumier at odiso.com
Tue Apr 1 13:39:36 CEST 2014
>>So, maybe can we forbid iplist in vm rules ? (now we have ipset for this)
Note, I thinked that it was breaking the digest (always updating the chain), but it's not the case.
So we can keep it.
----- Mail original -----
De: "Alexandre DERUMIER" <aderumier at odiso.com>
À: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Mardi 1 Avril 2014 12:07:17
Objet: [pve-devel] pve-firewall : src/dest rules with ip list, give 2 rules
Hi,
I just notice that
iptables -A FORWARD -s 192.168.0.1,192.168.0.2 -j ACCEPT
give us:
iptable-save
-A FORWARD -s 192.168.0.1/32 -j ACCEPT
-A FORWARD -s 192.168.0.2/32 -j ACCEPT
So, maybe can we forbid iplist in vm rules ? (now we have ipset for this)
(I also find a bug with --src-range, I'll send patch)
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list