[pve-devel] pve-firewall : iptables V2

Alexandre DERUMIER aderumier at odiso.com
Fri Feb 14 15:36:20 CET 2014


>>My hope is that we can use those SHA1 checksums to see if something changed.
Oh, ok, one checksum per chain, I understand now.

>>Another usage is to clear out all pvefw related rules: 
>>https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff;h=b16e818ea730142f89b8d7b170a444edb385e531 

You should also add these chains to clear all:

vmbrx-IN
vmbrx-OUT
GROUP-xxx

>>Does that make sense?
Yes.

But how do you remove a stale chain?
(a stale tap chain left behind by a VM crash, for example)



----- Original Message -----

From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Sent: Friday 14 February 2014 15:13:14
Subject: RE: [pve-devel] pve-firewall : iptables V2

> >>We can old and new ruleset, so there is no need to list 
> >>/sys/class/net/vmbrX/brif/tapX 
> 
> Can you provide an example?

So far I added code to parse the output of 'iptables-save': 

https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff;h=de2a57cdcf099c30feecb5c095328a82d1d154e1 

My hope is that we can use those SHA1 checksums to see if something changed. 

Another usage is to clear out all pvefw related rules: 

https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff;h=b16e818ea730142f89b8d7b170a444edb385e531 

Does that make sense?
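As an added illustration of the approach discussed in this thread (this is example code, not code from pve-firewall or from either author): parse `iptables-save` output, compute one SHA1 per chain so that two rulesets can be compared chain by chain, pick out the firewall's own chains, find tap chains whose interface has disappeared, and build the `iptables` commands that would remove a set of chains. The sample dump, the set of live interfaces and the chain-name patterns (`PVEFW-*`, `vmbrX-IN/OUT`, `GROUP-xxx`, `tapNiM-IN/OUT`) are assumptions taken from the thread, not the project's definitive naming; the commands are returned as strings and never executed.

```python
import hashlib
import re
from collections import OrderedDict

# Constructed `iptables-save` excerpt (not captured from a real host). Chain
# names follow the patterns mentioned in the thread and are assumptions.
SAMPLE_IPTABLES_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PVEFW-FORWARD - [0:0]
:vmbr0-IN - [0:0]
:vmbr0-OUT - [0:0]
:GROUP-webservers - [0:0]
:tap100i0-IN - [0:0]
:tap101i0-IN - [0:0]
-A FORWARD -j PVEFW-FORWARD
-A PVEFW-FORWARD -m physdev --physdev-out tap100i0 -j tap100i0-IN
-A PVEFW-FORWARD -m physdev --physdev-out tap101i0 -j tap101i0-IN
-A vmbr0-IN -j GROUP-webservers
-A GROUP-webservers -p tcp --dport 443 -j ACCEPT
-A tap100i0-IN -p tcp --dport 22 -j ACCEPT
-A tap101i0-IN -j DROP
COMMIT
"""

CHAIN_DECL = re.compile(r'^:(\S+) (\S+) \[\d+:\d+\]$')
RULE = re.compile(r'^-A (\S+) (.*)$')
JUMP = re.compile(r'(?:^|\s)-j (\S+)')
# Assumed pve-firewall chain name patterns (from the thread, not authoritative).
PVE_CHAIN = re.compile(r'^(PVEFW-|vmbr\d+-(IN|OUT)$|GROUP-|tap\d+i\d+-(IN|OUT)$)')
TAP_CHAIN = re.compile(r'^(tap\d+i\d+)-(IN|OUT)$')


def parse_iptables_save(text):
    """Parse the filter table into {chain: {'policy': str, 'rules': [rulespec, ...]}}."""
    chains = OrderedDict()
    table = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('*'):
            table = line[1:]
        elif line == 'COMMIT':
            table = None
        elif table == 'filter':
            m = CHAIN_DECL.match(line)
            if m:
                chains[m.group(1)] = {'policy': m.group(2), 'rules': []}
                continue
            m = RULE.match(line)
            if m:
                chains.setdefault(m.group(1), {'policy': '-', 'rules': []})
                chains[m.group(1)]['rules'].append(m.group(2))
    return chains


def chain_checksum(chain):
    """One SHA1 per chain over its policy and ordered rules: any changed,
    added, removed or reordered rule gives a different digest."""
    h = hashlib.sha1(chain['policy'].encode())
    for rule in chain['rules']:
        h.update(b'\n' + rule.encode())
    return h.hexdigest()


def chain_checksums(chains):
    return {name: chain_checksum(c) for name, c in chains.items()}


def changed_chains(old_sums, new_sums):
    """Chains whose checksum differs, including chains present on only one side."""
    return sorted(n for n in set(old_sums) | set(new_sums)
                  if old_sums.get(n) != new_sums.get(n))


def pve_chains(chains):
    return [n for n in chains if PVE_CHAIN.match(n)]


def stale_tap_chains(chains, existing_ifaces):
    """tap chains whose interface is gone (e.g. the VM crashed and left the chain behind)."""
    stale = []
    for n in chains:
        m = TAP_CHAIN.match(n)
        if m and m.group(1) not in existing_ifaces:
            stale.append(n)
    return stale


def delete_chain_commands(chains, names):
    """iptables commands (strings, not executed) that remove the given chains.
    A chain that is still jumped to cannot be deleted, so first drop every
    jump into the doomed set from chains that stay, then flush and delete."""
    doomed = set(names)
    cmds = []
    for chain, data in chains.items():
        if chain in doomed:
            continue
        for rule in data['rules']:
            m = JUMP.search(rule)
            if m and m.group(1) in doomed:
                cmds.append('iptables -D %s %s' % (chain, rule))
    cmds += ['iptables -F %s' % n for n in names]
    cmds += ['iptables -X %s' % n for n in names]
    return cmds
```

`delete_chain_commands(chains, stale_tap_chains(chains, live_ifaces))` answers the stale-chain question from the reply above, and the same function with `pve_chains(chains)` produces the "clear everything" sequence; the per-chain checksums make a cheap no-op check before reapplying a ruleset.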


