[pve-devel] pve-firewall : add ipfilter protection
Alexandre DERUMIER
aderumier at odiso.com
Fri Jun 13 15:47:14 CEST 2014
>>I did a complete shutdown / kill kvm process and a fresh start.
Should not be necessary.
The firewall=0|1 setting on the net interface is there to create a new bridge fwbrxxx: the tap is detached from vmbrX and attached to fwbrxxx, and fwbrxxx is plugged into vmbrX through a veth pair.
So this is done online.
----- Original message -----
From: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>
To: "Alexandre DERUMIER" <aderumier at odiso.com>, "Dietmar Maurer" <dietmar at proxmox.com>
Cc: pve-devel at pve.proxmox.com
Sent: Friday 13 June 2014 15:41:08
Subject: Re: [pve-devel] pve-firewall : add ipfilter protection
On 13.06.2014 15:36, Alexandre DERUMIER wrote:
>>> And you enabled the firewall on that network interface? (stop/restart VM required).
> No vm restart is needed, hopefully ;)
I did a complete shutdown / kill kvm process and a fresh start.
Regards
> ----- Original message -----
>
> From: "Dietmar Maurer" <dietmar at proxmox.com>
> To: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>, "Alexandre DERUMIER" <aderumier at odiso.com>
> Cc: pve-devel at pve.proxmox.com
> Sent: Friday 13 June 2014 14:54:32
> Subject: RE: [pve-devel] pve-firewall : add ipfilter protection
>
>> OK seems my testing is wrong.
>>
>> What I did:
>>
>> /etc/pve/firewall/2004.fw:
>> [IPSET ipfilter-net0]
>> 10.10.28.5
>>
>> I then enabled the Firewall for this VM.
>
> Also enabled the firewall in cluster.fw?
>
>> The VM now has 10.10.28.4 on net0 - but the VM is still able to make traffic with
>> 10.10.28.4. Anything I did wrong?
>
> And you enabled the firewall on that network interface? (stop/restart VM required).
> Are normal firewall rules working?
>