[pve-devel] pve-firewall : iptables V2
Alexandre Derumier
aderumier at odiso.com
Fri Feb 7 16:22:26 CET 2014
changelog:
add support for host firewall and group rules.
It uses iptables-restore now, so rules are applied atomically.
Also, I no longer use return in inbound rule, but directly jump in outbound rules, so fewer rule lookups.
The FORWARD chain lists are:
FORWARD--->proxmoxfw-FORWARD
----> BRIDGEFW-OUT
--->VMBRX-OUT
------->TAPXX-OUT
--->ACCEPT(==JUMP VMBRX-IN)
--->GROUP-xxx-OUT
--->ACCEPT(==JUMP BRIDGEFW-IN)
---->BRIDGEFW-IN
---->VMBRX-IN
------->TAPXX-IN
---->ACCEPT
---->GROUP-xxx-IN
----->ACCEPT
Please test :)
(sample config files for host, group and VM firewalls are in the commits)
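
An added illustration, not part of the original mail and not pve-firewall code: one reading of the chain layout above, written as a single iptables-restore payload so the whole table is swapped at COMMIT, plus a pre-check for jumps to chains that were never declared. The bridge vmbr0, the tap tap100i0, the physdev matches and the two port rules are assumptions made for the example.

```shell
# Added example, not pve-firewall code. Constructed: vmbr0, tap100i0 and the
# tcp/443 and tcp/22 rules. Chain names follow the mail's VMBRX/TAPXX scheme.

# Emit one iptables-restore payload: chains declared, rules added, one COMMIT.
gen_ruleset() {
    br=$1; tap=$2
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:proxmoxfw-FORWARD - [0:0]
:BRIDGEFW-OUT - [0:0]
:BRIDGEFW-IN - [0:0]
:$br-OUT - [0:0]
:$br-IN - [0:0]
:$tap-OUT - [0:0]
:$tap-IN - [0:0]
-A FORWARD -j proxmoxfw-FORWARD
-A proxmoxfw-FORWARD -m physdev --physdev-is-bridged --physdev-is-in -j BRIDGEFW-OUT
-A proxmoxfw-FORWARD -m physdev --physdev-is-bridged --physdev-is-out -j BRIDGEFW-IN
-A BRIDGEFW-OUT -i $br -j $br-OUT
-A $br-OUT -m physdev --physdev-in $tap -j $tap-OUT
-A $br-OUT -j BRIDGEFW-IN
-A $tap-OUT -p tcp --dport 443 -j $br-IN
-A $tap-OUT -j DROP
-A BRIDGEFW-IN -o $br -j $br-IN
-A $br-IN -m physdev --physdev-out $tap -j $tap-IN
-A $br-IN -j ACCEPT
-A $tap-IN -p tcp --dport 22 -j ACCEPT
-A $tap-IN -j DROP
COMMIT
EOF
}

# Print jump targets that are neither declared chains nor common built-in
# targets; iptables-restore refuses the table if a rule names a missing chain.
undeclared_targets() {
    awk '
        /^:/   { sub(/^:/, "", $1); declared[$1] = 1; next }
        /^-A / { for (i = 1; i < NF; i++) if ($i == "-j" || $i == "-g") used[$(i+1)] = 1 }
        END {
            split("ACCEPT DROP REJECT RETURN LOG", b, " ")
            for (k in b) declared[b[k]] = 1
            for (t in used) if (!(t in declared)) print t
        }'
}

# Validate without applying: gen_ruleset vmbr0 tap100i0 | iptables-restore --test
```

In this reading an accepted outbound packet is handed to the inbound chain of the bridge instead of returning to the caller, so every path ends in ACCEPT or DROP without walking back up the chain stack.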