[pve-devel] pve-firewall : iptables V2
Alexandre DERUMIER
aderumier at odiso.com
Thu Feb 13 05:57:26 CET 2014
Any comments on these patches?
----- Original Message -----
From: "Alexandre Derumier" <aderumier at odiso.com>
To: pve-devel at pve.proxmox.com
Sent: Friday, February 7, 2014 16:22:26
Subject: [pve-devel] pve-firewall : iptables V2
changelog:
add support for host firewall and group rules.
It uses iptables-restore now, so rules are applied atomically.
Also, I no longer use return in the inbound rule, but jump directly in the outbound rules, so there are fewer rule lookups.
The FORWARD chain lists are:
FORWARD--->proxmoxfw-FORWARD
----> BRIDGEFW-OUT
--->VMBRX-OUT
------->TAPXX-OUT
--->ACCEPT(==JUMP VMBRX-IN)
--->GROUP-xxx-OUT
--->ACCEPT(==JUMP BRIDGEFW-IN)
---->BRIDGEFW-IN
---->VMBRX-IN
------->TAPXX-IN
---->ACCEPT
---->GROUP-xxx-IN
----->ACCEPT
Please test :)
(config files sample for host,group,vm firewall are in commits)
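The message describes loading the whole table through one iptables-restore COMMIT, with OUT chains jumping directly into IN chains instead of returning. In that design a jump to an undeclared chain or a jump loop makes the entire load fail. The following is an added example, not pve-firewall code: the chain names, the physdev and interface matches, and the `check` helper are constructed for illustration. It checks a payload for both problems before it is handed to iptables-restore.

```python
# Added example: pre-flight check of an iptables-restore payload.
VERDICTS = {"ACCEPT", "DROP", "REJECT", "RETURN"}  # extend for other targets
# Constructed sample: bridge vmbr0, guest tap100i0; matches are assumptions.
SAMPLE = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:proxmoxfw-FORWARD - [0:0]
:BRIDGEFW-OUT - [0:0]
:BRIDGEFW-IN - [0:0]
:vmbr0-OUT - [0:0]
:vmbr0-IN - [0:0]
:tap100i0-OUT - [0:0]
:tap100i0-IN - [0:0]
-A FORWARD -j proxmoxfw-FORWARD
-A proxmoxfw-FORWARD -m physdev --physdev-is-in -j BRIDGEFW-OUT
-A proxmoxfw-FORWARD -m physdev --physdev-is-out -j BRIDGEFW-IN
-A BRIDGEFW-OUT -i vmbr0 -j vmbr0-OUT
-A vmbr0-OUT -m physdev --physdev-in tap100i0 -j tap100i0-OUT
-A tap100i0-OUT -j vmbr0-IN
-A BRIDGEFW-IN -o vmbr0 -j vmbr0-IN
-A vmbr0-IN -m physdev --physdev-out tap100i0 -j tap100i0-IN
-A tap100i0-IN -j DROP
COMMIT
"""

def check(payload):
    """Return a sorted list of problems that would make the load fail."""
    lines = payload.strip().splitlines()
    declared = {l.split()[0][1:] for l in lines if l.startswith(":")}
    edges, problems = {}, set()
    for tok in (l.split() for l in lines if l.startswith("-A ")):
        chain = tok[1]
        target = next((tok[i + 1] for i, t in enumerate(tok[:-1]) if t in ("-j", "-g")), None)
        if chain not in declared:
            problems.add(f"rule appended to undeclared chain {chain}")
        if target and target not in VERDICTS:
            if target not in declared:
                problems.add(f"{chain}: jump to undeclared chain {target}")
            edges.setdefault(chain, set()).add(target)
    def walk(chain, path):  # depth-first over jumps, starting at built-in chains
        for nxt in sorted(edges.get(chain, ())):
            if nxt in path:
                problems.add("loop: " + " -> ".join(path[path.index(nxt):] + [nxt]))
            else:
                walk(nxt, path + [nxt])
    for start in ("INPUT", "FORWARD", "OUTPUT"):
        walk(start, [start])
    return sorted(problems)
```

`check(SAMPLE)` returns an empty list; a non-empty result means the payload should not be passed to iptables-restore.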