[pve-devel] pve-common : linux bridge and ovs new model implementation v2

Cesar Peschiera brain at click.com.py
Thu May 1 21:52:07 CEST 2014


> It's not possible with a firewall to say only send multicast traffic to a 
> specific host.
> (or it's not multicast anymore ;)

But I think that it is possible: while PVE is transmitting in multicast mode 
on UDP ports 5404 and 5405, the firewall can drop the packets for all except 
the IP addresses that are the PVE nodes.

An example in iptables (we know that the order of the rules is important to 
reach this goal):

iptables -A OUTPUT -d <a-IP-address-of-PVE-Node> -p udp -m multiport --ports 5404,5405 -j ACCEPT
iptables -A OUTPUT -d <other-IP-address-of-Other-PVE-Node> -p udp -m multiport --ports 5404,5405 -j ACCEPT
# And finally the magic rule:
iptables -A OUTPUT -p udp -m multiport --ports 5404,5405 -j DROP

I see it as very simple, or am I missing something?
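
An added example, not part of the original message: a small first-match evaluator for the three OUTPUT rules above, reading the per-node rules as destination-address matches, run against constructed packets. The node addresses, the group address 239.192.0.1 and every name in the code are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    dst: str      # destination IP address of the datagram
    proto: str    # "udp" or "tcp"
    sport: int
    dport: int

@dataclass
class Rule:
    target: str                   # ACCEPT or DROP
    dst: Optional[str] = None     # None matches any destination
    ports: tuple = (5404, 5405)   # multiport --ports: source OR destination port

    def matches(self, p: Packet) -> bool:
        if p.proto != "udp":
            return False
        if self.dst is not None and \
                ipaddress.ip_address(p.dst) != ipaddress.ip_address(self.dst):
            return False
        return p.sport in self.ports or p.dport in self.ports

def verdict(chain, packet, policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return policy

# Constructed addresses (assumptions): two cluster nodes and a multicast group.
NODE_A, NODE_B, GROUP = "192.0.2.11", "192.0.2.12", "239.192.0.1"

# The three rules from the message, in the order they were appended.
OUTPUT_CHAIN = [Rule("ACCEPT", dst=NODE_A), Rule("ACCEPT", dst=NODE_B), Rule("DROP")]

def demo():
    packets = {
        "unicast to node A": Packet(NODE_A, "udp", 5404, 5405),
        "unicast to other host": Packet("192.0.2.50", "udp", 5404, 5405),
        "multicast to group": Packet(GROUP, "udp", 5404, 5405),
        "ssh to node A (tcp)": Packet(NODE_A, "tcp", 40000, 22),
    }
    return {name: verdict(OUTPUT_CHAIN, p) for name, p in packets.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:24} -> {result}")
```

A datagram sent to the multicast group carries the group address as its destination, so it falls through both per-node rules and reaches the final DROP.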



