[pve-devel] RFC : iptables implementation
Alexandre DERUMIER
aderumier at odiso.com
Mon Jan 27 07:56:37 CET 2014
>>We just need to be aware of that.
>>I guess normally a user does not assign IPs to several
>>bridges, so it is no problem by default.
Hi, I have worked on it this weekend, I'll resend an improved version today.
(Taking some ideas from CloudStack, with fewer rule lookups)
----- Original Message -----
From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Sent: Friday, January 24, 2014 09:07:22
Subject: RE: [pve-devel] RFC : iptables implementation
> ah ok, I understand. But isn't it blocked by the INPUT rule on host ? (10.1.0.2->10.1.0.1)
> I'll do test today.
>
>
> If we really want to block host->tap, without known ip in guest, we could also
> only allow known authorized ips in output
We just need to be aware of that.
I guess normally a user does not assign IPs to several
bridges, so it is no problem by default.