[pve-devel] RFC : iptables implementation
Dietmar Maurer
dietmar at proxmox.com
Fri Jan 24 09:07:22 CET 2014
> ah ok, I understand. But isn't it blocked by the INPUT rule on host ? (10.1.0.2-
> >10.1.0.1) I'll do test today.
>
>
> If we really want to block host->tap, without known ip in guest, we could also
> only allow known authorized ips in output
We just need to be aware of that.
I guess normally a user does not assign IPs to several
bridges, so it is no problem by default.
More information about the pve-devel
mailing list