[pve-devel] pve-firewall : enable|disable firewall atinterface level

Alexandre DERUMIER aderumier at odiso.com
Mon Apr 28 17:22:14 CEST 2014 

>>I believe that add it to network interface config isn't good idea, because 
>>if we have several VMs in the same host and the network interface config was 
>>changed, will be unpleasant to need to do a shutdown the VMs and restart the 
>>physical server for that the changes take effect

I was talking about network interface of the vm configuration, not /etc/network/interfaces of the host ;)

net0 : net0: virtio=1E:0B:85:27:8D:65,bridge=vmbr0,fw=0|1


----- Mail original ----- 

De: "Cesar Peschiera" <brain at click.com.py> 
À: "pve-devel" <pve-devel at pve.proxmox.com> 
Envoyé: Lundi 28 Avril 2014 17:16:15 
Objet: Re: [pve-devel] pve-firewall : enable|disable firewall atinterface level 

I believe that add it to network interface config isn't good idea, because 
if we have several VMs in the same host and the network interface config was 
changed, will be unpleasant to need to do a shutdown the VMs and restart the 
physical server for that the changes take effect 

----- Original Message ----- 
From: "Dietmar Maurer" <dietmar at proxmox.com> 
To: "Alexandre DERUMIER" <aderumier at odiso.com>; "pve-devel" 
<pve-devel at pve.proxmox.com> 
Sent: Monday, April 28, 2014 10:49 AM 
Subject: Re: [pve-devel] pve-firewall : enable|disable firewall atinterface 
level 


>> we can have vms with public interface (need firewall), and private 
>> interface 
>> (dedicatedvlan without firewall). 
>> 
>> I would like to be able to enable/disable firewall in vmid.conf, in 
>> network 
>> interface config,instead globally for the whole vm in vmid.fw. 
>> 
>> I have some database doing a lot of connections for example, and I don't 
>> want 
>> extra firewall lookup/conntrack from theses interfaces 
>> 
>> 
>> What do you think about it ? 
> 
> I thought about having a flag per VM , but we can also add it to network 
> interface config ( OK for me). 
> 
> _______________________________________________ 
> pve-devel mailing list 
> pve-devel at pve.proxmox.com 
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
> 

_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

More information about the pve-devel mailing list