[pve-devel] firewall : cluster.fw [rules] section ?
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Fri Jul 4 14:17:02 CEST 2014
Am 04.07.2014 13:50, schrieb Stefan Priebe - Profihost AG:
> Am 04.07.2014 13:45, schrieb Alexandre DERUMIER:
>>>> What about ARP traffic? Smoeone can claim he is another mac in ARP. Even
>>>> though ip traffic will then never reach the VM he still can tell via arp
>>>> that this vm is for example the GW.
>>
>> Oh, ok, you are right !
>>
>> I'll make a patch for ebtables,it should be easy to implement.
This is an ugly hack to show what i mean.
ebtables hack:
http://pastebin.com/raw.php?i=LaLdg7nk
Stefan
More information about the pve-devel
mailing list