[pve-devel] [PATCH] disable / filter dhcp traffic if dhcp is disabled
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Fri Jul 4 07:47:29 CEST 2014
Ok bad idea.
What I want to achieve is that even when all policies are set to enabled I want to have a highly isolated network for the VMs. No broadcast or multicast should leave the VM. Only layer3 stuff.
Stefan
Excuse my typo sent from my mobile phone.
> On 04.07.2014 at 05:58, Dietmar Maurer <dietmar at proxmox.com> wrote:
>
> This is not how it works on shorewall, so I am not sure if we need this. Why?
>
>> -----Original Message-----
>> From: pve-devel [mailto:pve-devel-bounces at pve.proxmox.com] On Behalf Of
>> Stefan Priebe
>> Sent: Thursday, 03 July 2014 23:38
>> To: pve-devel at pve.proxmox.com
>> Subject: [pve-devel] [PATCH] disable / filter dhcp traffic if dhcp is disabled
>>
>>
>> Signed-off-by: Stefan Priebe <s.priebe at profihost.ag>
>> ---
>> src/PVE/Firewall.pm | 8 ++++++++
>> 1 file changed, 8 insertions(+)
>>
>> diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index 27cf1e6..615f233
>> 100644
>> --- a/src/PVE/Firewall.pm
>> +++ b/src/PVE/Firewall.pm
>> @@ -1643,6 +1643,14 @@ sub ruleset_create_vm_chain {
>> ruleset_generate_rule($ruleset, $chain, { action => 'ACCEPT',
>> proto => 'udp', sport => 67,
>> dport => 68 });
>> }
>> + } else {
>> + if ($direction eq 'OUT') {
>> + ruleset_generate_rule($ruleset, $chain, { action => 'DROP',
>> + proto => 'udp', sport => 68,
>> dport => 67 });
>> + } else {
>> + ruleset_generate_rule($ruleset, $chain, { action => 'DROP',
>> + proto => 'udp', sport => 67,
>> dport => 68 });
>> + }
>> }
>>
>> if ($direction eq 'OUT') {
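Review bot: the new else branch in ruleset_create_vm_chain adds an unconditional DROP for udp 68->67 (OUT) and udp 67->68 (IN), but neither a code comment nor the commit message body says why "dhcp disabled" should mean "actively block DHCP" rather than "add no DHCP exception and let the chain policy and the user's rules decide". Please document that intent in the commit message and above the else. If the goal is isolation, note that these rules only match the IPv4 DHCP ports, so DHCPv6 (udp 546/547) and other broadcast or multicast traffic are not covered by this hunk. The four ruleset_generate_rule calls now differ only in action and port order, so choosing the action once (ACCEPT when dhcp is enabled, DROP otherwise) and keeping a single OUT/IN pair would avoid the duplicated branches.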
>> --
>> 1.7.10.4