[pve-devel] Quorum problems with NICs Intel of 10 Gb/s and VMsturns off
Cesar Peschiera
brain at click.com.py
Sun Jan 4 04:30:05 CET 2015
Thanks Michael for your reply
And what about of the tag firewall in the PVE GUI:
- For the Datacenter.
- For each PVE node.
- For the network device of the VM.
In general lines, i want to have all network traffic enabled (In/Out), and
only cut the traffic that i want cut, that in this case will be the igmp for
the VMs. So i guess that i need to have the PVE GUI of this mode:
- Firewall tag in Datacenter:
Enable Firewall: yes
Input policy: accept
Output policy: accept
- Firewall tag in PVE nodes:
Enable Firewall: yes
Or without import as is this configured (both- datacenter and PVE nodes),
will work well the rule that
you suggest me?
And the rule that you suggest me, where will be better put it?:
1) In the rc.local file (I don't like put it here)
2) In the PVE GUI (i believe that will be the best site), but i don't know
how add it, and guess that after, i will have that enable the firewall in
the network device of the VM (also in PVE GUI).
----- Original Message -----
From: "Michael Rasmussen" <mir at datanom.net>
To: "pve-devel" <pve-devel at pve.proxmox.com>
Sent: Saturday, January 03, 2015 11:34 PM
Subject: Re: [pve-devel] Quorum problems with NICs Intel of 10 Gb/s and
VMsturns off
>
> Now in the switch i have igmp snooping disabled, but i want to avoid
> flooding the entire VLAN and the VMs
>
Following rule on your pve nodes should prevent igmp packages flooding
your bridge:
iptables -t filter -A FORWARD -i vmbr0 -p igmp -j DROP
If something happens you can remove the rule this way:
iptables -t filter -D FORWARD -i vmbr0 -p igmp -j DROP
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
More information about the pve-devel
mailing list