[pve-devel] firewall option nosmurfs and tcpflags
aderumier at odiso.com
Fri Apr 18 08:25:52 CEST 2014
>>I wonder if it is good enough to set those options for the whole host?
Yes, I think it's ok. It could also improve performance, for bad packets, less lookups in vmbr, tap chains.
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER (aderumier at odiso.com)" <aderumier at odiso.com>, pve-devel at pve.proxmox.com
Envoyé: Vendredi 18 Avril 2014 07:51:46
Objet: firewall option nosmurfs and tcpflags
We currently allow option nosmurfs and tcpflags at VM level.
The bad thing is that all related logs are generated using VMID 0, so you would not see
the result in the VM firewall log.
I wonder if it is good enough to set those options for the whole host?
More information about the pve-devel