[pve-devel] pve-firewall : enable|disable firewall atinterface level

Cesar Peschiera brain at click.com.py
Mon Apr 28 17:16:15 CEST 2014


I believe that add it to network interface config isn't good idea, because 
if we have several VMs in the same host and the network interface config was 
changed, will be unpleasant to need to do a shutdown the VMs and restart the 
physical server for that the changes take effect

----- Original Message ----- 
From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>; "pve-devel" 
<pve-devel at pve.proxmox.com>
Sent: Monday, April 28, 2014 10:49 AM
Subject: Re: [pve-devel] pve-firewall : enable|disable firewall atinterface 
level


>> we can have vms with public interface (need firewall), and private 
>> interface
>> (dedicatedvlan without firewall).
>>
>> I would like to be able to enable/disable firewall in vmid.conf, in 
>> network
>> interface config,instead globally for the whole vm in vmid.fw.
>>
>> I have some database doing a lot of connections for example, and I don't 
>> want
>> extra firewall lookup/conntrack from theses interfaces
>>
>>
>> What do you think about it ?
>
> I thought about having a flag per VM , but we can also add it to network 
> interface config ( OK for me).
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 



More information about the pve-devel mailing list