[pve-devel] Firewalling between vms
Michel Loiseleur
michel at loiseleur.com
Mon Jul 23 11:44:35 CEST 2012
Ok. I wasn't aware of this "net.bridge.bridge-nf-call-iptables" sysctl parameter.
I'll take a deeper look and see what I can do with it.
Regards,
----- Original message -----
> That is simply not true. You just need to change the value in
> /etc/sysctl.d/pve.conf.
> I guess shorewall does that automatically if you configure
> bridge-ports.
>
> The initial question was how we can work around those limitations.
>
> shorewall is by far the 'simplest' solution (believe me).
>
> How do you implement DNAT? Does that work with ebtables?
> In the future, we will extend the network model to have a routed setup,
> so ebtables will not work anyway.
>
> ebtables is not the way to go.
>
> I suggest you do more research on shorewall, and think about how we
> can generate a reasonable setup with shorewall.
>
> - Dietmar
>
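The sysctl discussed above decides whether traffic bridged between VMs on the same vmbr is handed to iptables at all. As an added illustration (not code from the thread or from Proxmox), the script below checks that setting in a constructed copy of pve.conf and emits FORWARD rules using the physdev match to restrict traffic between two VM tap interfaces; the bridge and tap names are assumed, not taken from the page.

```shell
#!/bin/sh
# Added example, not from the pve-devel thread. Checks whether bridged
# traffic reaches iptables (net.bridge.bridge-nf-call-iptables) and prints
# FORWARD rules that restrict VM-to-VM traffic on one bridge.

# Constructed stand-in for /etc/sysctl.d/pve.conf (offline sample).
SAMPLE_CONF='net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0'

# Print 1 if the given sysctl text enables bridge-nf-call-iptables, else 0.
# With 0, bridged frames bypass the FORWARD chain and no iptables rule
# between VMs on the same bridge ever matches.
bridge_nf_enabled() {
    printf '%s\n' "$1" |
        awk -F'=' '$1 ~ /bridge-nf-call-iptables/ { gsub(/[ \t]/, "", $2); v = $2 }
                   END { print (v + 0 == 1) ? 1 : 0 }'
}

# Emit iptables commands allowing only TCP $4 from tap $2 to tap $3 across
# bridge $1, with return traffic, and dropping everything else between them.
# Tap names such as tap101i0 are an assumed Proxmox-style convention.
vm_filter_rules() {
    bridge="$1"; src="$2"; dst="$3"; port="$4"
    cat <<EOF
iptables -A FORWARD -i $bridge -o $bridge -m physdev --physdev-is-bridged --physdev-in $src --physdev-out $dst -p tcp --dport $port -j ACCEPT
iptables -A FORWARD -i $bridge -o $bridge -m physdev --physdev-is-bridged --physdev-in $dst --physdev-out $src -p tcp --sport $port -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $bridge -o $bridge -m physdev --physdev-is-bridged --physdev-in $src --physdev-out $dst -j DROP
EOF
}

# Stand-alone run: report the sysctl state and show the rules.
if [ "$(bridge_nf_enabled "$SAMPLE_CONF")" = 1 ]; then
    echo "bridge-nf-call-iptables=1: FORWARD rules below will see VM traffic"
else
    echo "bridge-nf-call-iptables=0: set it to 1 in /etc/sysctl.d/pve.conf first"
fi
vm_filter_rules vmbr0 tap101i0 tap102i0 3306
```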