[PVE-User] less a firewall rule?
lyt_yudi
lyt_yudi at icloud.com
Mon Jul 28 09:51:25 CEST 2014
Hi, Alexandre,

pve-firewall.log for vm101 net0, from vm103 net0, using ping:
101 7 tap101i0-IN 28/Jul/2014:15:49:17 +0800 policy DROP: IN=fwbr101i0 OUT=fwbr101i0 PHYSIN=fwln101i0 PHYSOUT=tap101i0 MAC=76:a4:04:1d:4f:be:ce:60:6c:fb:81:4f:08:00 SRC=172.16.4.103 DST=172.16.4.101 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=1318 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=984

# cat 101.fw
[OPTIONS]
log_level_in: debug
enable: 1
policy_in: DROP
log_level_out: debug
[RULES]
IN ACCEPT -i net1 -source +test

# cat 103.fw
[OPTIONS]
log_level_in: debug
enable: 1
log_level_out: debug
[RULES]
IN ACCEPT -source +testnet

# cat cluster.fw
[OPTIONS]
enable: 1
[IPSET testnet]
10.0.0.0/8
172.16.0.0/16
192.168.0.0/16
[RULES]
IN ACCEPT -source +testnet

# pve-firewall simulate -from vm103 -to vm101 --dport 22
Test packet:
from : vm103
to : vm101
proto : tcp
dport : 22
ACTION: DROP

On July 28, 2014, at 3:45 PM, Alexandre DERUMIER <aderumier at odiso.com> wrote:
> Can you provide firewall config files?
>
> /etc/pve/firewall/<vmid>.fw
> /etc/pve/firewall/cluster.fw