[pve-devel] pve-firewall : add ipfilter protection
Alexandre DERUMIER
aderumier at odiso.com
Wed Jun 11 15:49:22 CEST 2014
>>Can you please give me an example how to limit a user to a specific ip
>>with your commit?
Do have read the code, but it should be
in /etc/pve/firewall/vmid.fw
[IPSET ipfilter]
192.168.0.1
10.0.0.0/8
....
----- Mail original -----
De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>
À: "Dietmar Maurer" <dietmar at proxmox.com>, "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mercredi 11 Juin 2014 15:30:18
Objet: Re: [pve-devel] pve-firewall : add ipfilter protection
Am 11.06.2014 10:07, schrieb Dietmar Maurer:
>>>> Would it make sense to also allow ip/mask notation so pve knows more about
>> the network? May be display user ip settings?
>>
>> Don't have tested, but I think it should work. I'll test that today.
>
> I just applied a simplified version of your patch.
>
> I simply apply the filter if the VM firewall configuration defines a ipset named 'ipfilter'.
>
> This works with venet and tap devices, and does not require any change in qemu-server config.
>
> Does that work for you?
Can you please give me an example how to limit a user to a specific ip
with your commit?
Which lines do i have to insert into which files?
Thanks!
Greets,
Stefan
More information about the pve-devel
mailing list