[pve-devel] pve-firewall : src/dest rules with ip list, give 2 rules

Alexandre DERUMIER aderumier at odiso.com
Tue Apr 1 13:39:36 CEST 2014


>>So, maybe we can forbid iplist in VM rules? (now we have ipset for this)

Note: I thought that it was breaking the digest (always updating the chain), but that's not the case.
So we can keep it.


----- Original Message -----

From: "Alexandre DERUMIER" <aderumier at odiso.com>
To: "pve-devel" <pve-devel at pve.proxmox.com>
Sent: Tuesday 1 April 2014 12:07:17
Subject: [pve-devel] pve-firewall : src/dest rules with ip list, give 2 rules

Hi, 

I just noticed that

iptables -A FORWARD -s 192.168.0.1,192.168.0.2 -j ACCEPT 


gives us:
iptables-save

-A FORWARD -s 192.168.0.1/32 -j ACCEPT 
-A FORWARD -s 192.168.0.2/32 -j ACCEPT 


So, maybe we can forbid iplist in VM rules? (now we have ipset for this)


(I also found a bug with --src-range, I'll send a patch)




_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
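
An added illustration, not part of the original message or of pve-firewall: a Python model of the expansion reported above (one rule per address in a comma-separated -s/-d list, as iptables-save lists it) beside the ipset form, which stays a single rule. The function names, the set name example_srcs and the source-major ordering of src/dst pairs are assumptions of this example.

```python
import ipaddress
from itertools import product


def _cidrs(addr_list):
    """Split a comma-separated -s/-d value and normalise each entry to CIDR."""
    if not addr_list:
        return [None]
    return [str(ipaddress.ip_network(a.strip(), strict=False))
            for a in addr_list.split(",")]


def expand_rule(chain, target, src=None, dst=None):
    """Model the rules iptables-save lists after one -A call with IP lists.

    One rule per (source, destination) pair; source-major order is assumed.
    """
    rules = []
    for s, d in product(_cidrs(src), _cidrs(dst)):
        parts = ["-A", chain]
        if s:
            parts += ["-s", s]
        if d:
            parts += ["-d", d]
        parts += ["-j", target]
        rules.append(" ".join(parts))
    return rules


def ipset_equivalent(chain, target, src, set_name="example_srcs"):
    """Build ipset commands plus the single rule matching the whole list.

    set_name is a hypothetical name chosen for this example.
    """
    cmds = [f"ipset create {set_name} hash:net"]
    cmds += [f"ipset add {set_name} {c}" for c in _cidrs(src)]
    rule = f"-A {chain} -m set --match-set {set_name} src -j {target}"
    return cmds, rule


if __name__ == "__main__":
    # Constructed input: the address list from the message above.
    addrs = "192.168.0.1,192.168.0.2"
    print("\n".join(expand_rule("FORWARD", "ACCEPT", src=addrs)))
    cmds, rule = ipset_equivalent("FORWARD", "ACCEPT", addrs)
    print("\n".join(cmds + [rule]))
```

With lists on both -s and -d the rule count is the product of the two list lengths, while the ipset form keeps one rule however many addresses the set holds.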


