[pve-devel] [PATCH] linux bridge and ovs new model implementation v6

Alexandre DERUMIER aderumier at odiso.com
Tue May 6 10:08:02 CEST 2014


>>> tap_unplug 
>>> firewall compile 
>>> tap_plug 
>>
>>more and more features ... 

Well, it's not mandatory, but if you have firewall enabled

vmbr<--fwbr<---tap

then you disable firewall rules through iptables,

it'll work but

you'll need to test each tapchain rules and do the ACCEPT at the end.
(in my firewall patches, I have an iptables -A forward ! -i fwbr+  at the beginning)


What is the main problem with using PVE::Firewall in Network.pm?

----- Original Message -----

From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Sent: Tuesday 6 May 2014 09:46:06
Subject: RE: [pve-devel] [PATCH] linux bridge and ovs new model implementation v6

> I'm not sure, because in this case we need PVE::Firewall in QemuServer.pm,
> to know which script to launch.

sigh 


> Also, we should be able to enable|disable firewall online, and change from
> fwbr bridge to vmbr bridge.
> 
> something like: 
> 
> ->disable|enable firewall for vmid 
> 
> tap_unplug 
> firewall compile 
> tap_plug 

more and more features ... 

I run out of time, because next week I need to start working on the mail gateway again. 


