[pve-devel] pvefw security group questions
Dietmar Maurer
dietmar at proxmox.com
Thu Feb 27 16:04:25 CET 2014
> Can be usefull to do something like this for example
>
> vm1.FW
> GROUP-group1 net0 - - 80 - -
>
>
> vm2.FW
> GROUP-group1 net0 - - 22 - -
>
>
> and
> [GROUP1]
>
> ACCEPT 10.0.0.1 - - - -
> ACCEPT 10.0.0.2 - - - -
> ACCEPT 10.0.0.3 - - - -
I thought a security groupd would also defined thing which should be blocked, for example:
[GROUP1]
ACCEPT 10.0.0.1 - - - -
ACCEPT 10.0.0.2 - - - -
ACCEPT 10.0.0.3 - - - -
DROP - - udp -
So that DROP is simply skipped when you use:
vm1.FW
GROUP-group1 net0 - - 80 - -
That looks quite strange to me?
More information about the pve-devel
mailing list