[pve-devel] RFC : iptables implementation
Dietmar Maurer
dietmar at proxmox.com
Fri Jan 24 08:57:06 CET 2014
> >>If you have several bridges with assigned IPs, traffic can be routed
> >>from one VM to another VM on different bridge. This will bypass all your
> firewall rules!
>
> Can you provide an network schema with guest and bridge ip address for this
> example ?
vmbr0(10.1.0.1/24) => VM1(10.1.0.2)
vmbr1(10.2.0.1/24) => VM2(10.2.0.2)
So traffic from VM1 to VM2 is enabled without firewall when you use gateway 10.1.0.1
More information about the pve-devel
mailing list