[pve-devel] RFC : iptables implementation
Dietmar Maurer
dietmar at proxmox.com
Wed Jan 22 19:13:55 CET 2014
Well, we also need to have rules for traffic unrelated to VMs,
i.e. from and to the host.
> > don't know if it's better than
>
> >>Above would only handle traffic originated from a VM and skip traffic from
> outside (eth0)?
>
> Maybe. I think we shouldn't filter from ethX, because outside can also be other
> hosts with other VMs.
> (Or maybe users want to add some custom rules on ethX to protect the host
> itself, like this it doesn't conflict with openstack rules)
>
>
> Also, maybe they are doing it like this to later add some custom rules before the
> ACCEPT.