[pve-devel] pve-firewall: dhcp snooping

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Wed Jun 4 14:31:02 CEST 2014


Am 04.06.2014 14:19, schrieb Dietmar Maurer:
>> I'm just afraid about the current situation which has no security at all. So
>> everybody can configure any ip he wants and send packets with it.
> 
> The 'allowed_ips' ipset idea is very easy to implement ...
> 

OK so adding option IP to each netX. Just don't know how to implement
the firewall rule to only allow packets from this MAC and IP combination.

Stefan




More information about the pve-devel mailing list