[pve-devel] pvefw security group questions

Dietmar Maurer dietmar at proxmox.com
Thu Feb 27 16:04:25 CET 2014


> Can be useful to do something like this for example
> 
> vm1.FW
> GROUP-group1 net0 - - 80 - -
> 
> 
> vm2.FW
> GROUP-group1 net0 - - 22 - -
> 
> 
> and
> [GROUP1]
> 
> ACCEPT 10.0.0.1 - - - -
> ACCEPT 10.0.0.2 - - - -
> ACCEPT 10.0.0.3 - - - -

I thought a security group would also define things which should be blocked, for example:

[GROUP1]
 
ACCEPT 10.0.0.1 - - - -
ACCEPT 10.0.0.2 - - - -
ACCEPT 10.0.0.3 - - - -
DROP - - udp -

So that DROP is simply skipped when you use:

vm1.FW
GROUP-group1 net0 - - 80 - -

That looks quite strange to me?

