[pve-devel] pve-firewall: dhcp snooping

Dietmar Maurer dietmar at proxmox.com
Wed Jun 4 12:10:27 CEST 2014


> i'm starting to deploy the pve-firewall code on a test cluster.
> 
> Something i really would like to have is dhcp snooping on the linux bridge so that
> VMs controlled by somebody else can't use fake / wrong ip adresses.
> 
> Is something like this possible with the current firewall code?

Not implemented, because we do not have/store a list of IPs.

One option would be to store the list of allowed IP in the VM network config:

net0: e1000=0E:0B:38:B8:B3:21,bridge=vmbr0,firewall=1,ip=192.168.2.3

It is then easy to implement such filter.




More information about the pve-devel mailing list