[pve-devel] pve-firewall : ebtables

Dietmar Maurer dietmar at proxmox.com
Tue Jul 15 13:14:21 CEST 2014


> With my patches, currently, the rules are applied both iptables and ip6tables.
> (exception if a ipv4 src|dst exist in a rule,ipset,.. it's just skipped in ip6tables)
> 
> I think it's better than manage twice the rules for ipv4 and ipv6 (manage
> ipsetv6, groupv6, rulesv6,...).

Sure, that is OK so far.

What I want is an additional option, so that I can drop all ipv6 traffic for example:

IN DROP -v6

by default, a rules apply to ipv4 and ipv6, so there is no need to manage twice.




More information about the pve-devel mailing list