[pve-devel] firewall : cluster.fw [rules] section ?
Alexandre DERUMIER
aderumier at odiso.com
Sat Jul 5 14:18:01 CEST 2014
>>Maybe simply:
>>
>>protocols: ARP, IPV4, IPV6
No objection for me.
@Stefan, do you think we need other protocols inside a vm ?
BTW, I'll also rework my ipv6 patch.
I thinked about extend $ruleset, to something like
$ruleset->{iptables}->{filter}
$ruleset->{iptables}->{nat}
$ruleset->{ip6tables}->{filter}
$ruleset->{ebtables}->{filter}
Like this, we can manage multi commands and filters.
What do you think about it ?
Also, for ebtables, they are ebtables-save and ebtables-restore (same format than iptables),
but they are not provided by debian ebtables package.(debian remove them in their patches).
do you think we can provide a pve-ebtables package ?
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>, "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Samedi 5 Juillet 2014 05:49:22
Objet: RE: [pve-devel] firewall : cluster.fw [rules] section ?
> It would be really nice if we can also define a set of protocols allowed for this
> VM.
>
> For example:
> layer2filter_protocls: ARP,IPV4,IPV6
Maybe simply:
protocols: ARP, IPV4, IPV6
More information about the pve-devel
mailing list