[pve-devel] disabling iptables on bridge by default (like rhel6 and rhev) ?
Dietmar Maurer
dietmar at proxmox.com
Wed Mar 7 09:18:11 CET 2012
OK, lets go that way.
I guess it is best to add the file /etc/sysctl.d/pve.conf
Best to include to the pve-cluster package?
Would you mind to create a patch?
> -----Original Message-----
> From: Alexandre DERUMIER [mailto:aderumier at odiso.com]
> Sent: Mittwoch, 07. März 2012 09:03
> To: Dietmar Maurer
> Cc: pve-devel at pve.proxmox.com
> Subject: Re: [pve-devel] disabling iptables on bridge by default (like rhel6 and
> rhev) ?
>
> Do you think people use iptables to filter "inside" the bridge, to filter traffic
> between vm on the same bridge ?
>
> I think most people are firewalling from vm to outside world ?
>
> original redhat bugzilla
>
> https://bugzilla.redhat.com/show_bug.cgi?id=512206
>
> ----- Mail original -----
>
> De: "Dietmar Maurer" <dietmar at proxmox.com>
> À: "Alexandre DERUMIER" <aderumier at odiso.com>, pve-
> devel at pve.proxmox.com
> Envoyé: Mercredi 7 Mars 2012 08:49:14
> Objet: RE: [pve-devel] disabling iptables on bridge by default (like rhel6 and rhev)
> ?
>
> > > I use these parameters since 1 year now, witthout any problem.
> >
> > Well, that will break all(most) firewalls people run on PVE?
>
> Or do you assume that any serious firewall script set those flags anyways?
>
> I am a bit scared because I am aware of some people using iptables directly.
>
> - Dietmar
>
>
>
>
> --
>
> --
>
>
>
>
> Alexandre D erumier
> Ingénieur Système
> Fixe : 03 20 68 88 90
> Fax : 03 20 68 90 81
> 45 Bvd du Général Leclerc 59100 Roubaix - France
> 12 rue Marivaux 75002 Paris - France
>
More information about the pve-devel
mailing list