<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Ok bad idea.</div><div><br></div><div>What I want to achieve is that even when all policies are set to enabled I want to have a highly isolated network for the VMs. No broadcast or multicast should leave the VM. Only layer 3 stuff.<br><br>Stefan<div><br></div><div>Excuse my typo s<span style="font-size: 13pt;">ent from my mobile phone.</span></div></div><div><br>On 04.07.2014 at 05:58, Dietmar Maurer <<a href="mailto:dietmar@proxmox.com">dietmar@proxmox.com</a>> wrote:<br><br></div><blockquote type="cite"><div><span>This is not how it works on shorewall, so I am not sure if we need this. Why?</span><br><span></span><br><blockquote type="cite"><span>-----Original Message-----</span><br></blockquote><blockquote type="cite"><span>From: pve-devel [<a href="mailto:pve-devel-bounces@pve.proxmox.com">mailto:pve-devel-bounces@pve.proxmox.com</a>] On Behalf Of</span><br></blockquote><blockquote type="cite"><span>Stefan Priebe</span><br></blockquote><blockquote type="cite"><span>Sent: Thursday, 03 July 2014 23:38</span><br></blockquote>
<blockquote type="cite"><span>To: <a href="mailto:pve-devel@pve.proxmox.com">pve-devel@pve.proxmox.com</a></span><br></blockquote><blockquote type="cite"><span>Subject: [pve-devel] [PATCH] disable / filter dhcp traffic if dhcp is disabled</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Signed-off-by: Stefan Priebe <<a href="mailto:s.priebe@profihost.ag">s.priebe@profihost.ag</a>></span><br></blockquote><blockquote type="cite"><span>---</span><br></blockquote><blockquote type="cite"><span> src/PVE/Firewall.pm | 8 ++++++++</span><br></blockquote><blockquote type="cite"><span> 1 file changed, 8 insertions(+)</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index 27cf1e6..615f233</span><br></blockquote><blockquote type="cite"><span>100644</span><br></blockquote><blockquote type="cite"><span>--- a/src/PVE/Firewall.pm</span><br></blockquote><blockquote type="cite"><span>+++ b/src/PVE/Firewall.pm</span><br></blockquote><blockquote type="cite"><span>@@ -1643,6 +1643,14 @@ sub ruleset_create_vm_chain {</span><br></blockquote><blockquote type="cite"><span> ruleset_generate_rule($ruleset, $chain, { action => 'ACCEPT',</span><br></blockquote><blockquote type="cite"><span> proto => 'udp', sport => 67,</span><br></blockquote><blockquote type="cite"><span>dport => 68 });</span><br></blockquote><blockquote type="cite"><span> }</span><br></blockquote><blockquote type="cite"><span>+ } else {</span><br></blockquote><blockquote type="cite"><span>+ if ($direction eq 'OUT') {</span><br></blockquote><blockquote type="cite"><span>+ ruleset_generate_rule($ruleset, $chain, { action => 'DROP',</span><br></blockquote><blockquote type="cite"><span>+ proto => 'udp', sport => 68,</span><br></blockquote><blockquote 
type="cite"><span>dport => 67 });</span><br></blockquote><blockquote type="cite"><span>+ } else {</span><br></blockquote><blockquote type="cite"><span>+ ruleset_generate_rule($ruleset, $chain, { action => 'DROP',</span><br></blockquote><blockquote type="cite"><span>+ proto => 'udp', sport => 67,</span><br></blockquote><blockquote type="cite"><span>dport => 68 });</span><br></blockquote><blockquote type="cite"><span>+ }</span><br></blockquote><blockquote type="cite"><span> }</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span> if ($direction eq 'OUT') {</span><br></blockquote><blockquote type="cite"><span>--</span><br></blockquote><blockquote type="cite"><span>1.7.10.4</span><br></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>_______________________________________________</span><br></blockquote><blockquote type="cite"><span>pve-devel mailing list</span><br></blockquote><blockquote type="cite"><span><a href="mailto:pve-devel@pve.proxmox.com">pve-devel@pve.proxmox.com</a></span><br></blockquote><blockquote type="cite"><span><a href="http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel">http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel</a></span><br></blockquote><span></span><br><span></span><br></div></blockquote></body></html>
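Review bot: In the new else branch of ruleset_create_vm_chain, each direction drops only one UDP port pair (OUT: sport 68 to dport 67; otherwise: sport 67 to dport 68), so with dhcp disabled the reverse pair still falls through to the rules that follow. Server-side DHCP traffic leaving the guest (sport 67 to dport 68 in the OUT direction) is not matched, and neither is a client request arriving in the other direction. If the intent is to filter DHCP whenever the option is off, drop both pairs in each direction, or state in a comment why only one side is covered. The nested if inside the else could be flattened to an elsif, and a one-line comment on the branch stating its intent would help, since the hunk carries none.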