[pve-devel] pve-firewall : iptables V2
Alexandre DERUMIER
aderumier at odiso.com
Fri Feb 14 05:08:18 CET 2014
>>I would not rely on that. We need a way to correctly update rules without relying on previous state.
Ok, I'll send a patch to generate the whole firewall rules.
I don't think it'll be slow anyway. (and no more iptables_exist, so it can be more reliable too)
But we need to be sure that our parser is ok, because if one rule is wrong in 1 vm, we can't apply the rules for all vms.
(I just detected a bug, where you can set up a port range like 100-80)
I'll try to send a patch today.
----- Original Message -----
From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Sent: Thursday, February 13, 2014 19:07:59
Subject: RE: [pve-devel] pve-firewall : iptables V2
> and if the vm is shutdown, the tap chain is already removed on vm_stop.
I would not rely on that. We need a way to correctly update rules without relying on previous state.
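
An added illustration of the parser concern raised in this message (not pve-firewall code, and not from either author): each VM's rules are validated before the full ruleset is generated, and a reversed range such as 100-80 is rejected, so one bad rule is reported for its VM instead of failing the load for all VMs. The rule dictionaries, the chain names and the choice to leave a VM with an invalid rule out of the generated set are assumptions.

```python
import re

PORT_RE = re.compile(r"([0-9]{1,5})(?:-([0-9]{1,5}))?")
PROTOS = {"tcp", "udp"}
ACTIONS = {"ACCEPT", "DROP", "REJECT"}


def parse_port_spec(spec):
    """Return (low, high) for '80' or '80-100'; raise ValueError otherwise."""
    m = PORT_RE.fullmatch(spec.strip())
    if not m:
        raise ValueError(f"malformed port spec {spec!r}")
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) is not None else low
    if low > 65535 or high > 65535:
        raise ValueError(f"port out of range in {spec!r}")
    if low > high:
        raise ValueError(f"reversed port range {spec!r}")
    return low, high


def render_rule(chain, rule):
    """Render one validated rule as an iptables append line."""
    if rule["proto"] not in PROTOS or rule["action"] not in ACTIONS:
        raise ValueError(f"unsupported proto/action in {rule!r}")
    low, high = parse_port_spec(rule["dport"])
    port = str(low) if low == high else f"{low}:{high}"  # iptables uses low:high
    return f"-A {chain} -p {rule['proto']} --dport {port} -j {rule['action']}"


def build_ruleset(vm_rules):
    """Return (lines, errors): lines for valid VMs, one error per rejected VM."""
    lines, errors = [], {}
    for vmid, rules in sorted(vm_rules.items()):
        chain = f"vm{vmid}-IN"  # hypothetical chain name
        try:
            rendered = [render_rule(chain, r) for r in rules]
        except ValueError as exc:
            # Assumption: a VM with any invalid rule contributes no lines;
            # what to apply for it instead is a policy choice left to the caller.
            errors[vmid] = str(exc)
            continue
        lines.extend(rendered)
    return lines, errors


# Constructed sample input: VM 101 carries the reversed range from the message.
SAMPLE = {
    100: [{"proto": "tcp", "dport": "22", "action": "ACCEPT"},
          {"proto": "tcp", "dport": "80-100", "action": "ACCEPT"}],
    101: [{"proto": "tcp", "dport": "100-80", "action": "ACCEPT"}],
}
```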