[pve-devel] firewall : cluster.fw [rules] section ?

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Fri Jul 4 14:17:02 CEST 2014


Am 04.07.2014 13:50, schrieb Stefan Priebe - Profihost AG:
> Am 04.07.2014 13:45, schrieb Alexandre DERUMIER:
>>>> What about ARP traffic? Smoeone can claim he is another mac in ARP. Even 
>>>> though ip traffic will then never reach the VM he still can tell via arp 
>>>> that this vm is for example the GW. 
>>
>> Oh, ok, you are right !
>>
>> I'll make a patch for ebtables,it  should be easy to implement.

This is an ugly hack to show what i mean.

ebtables hack:
http://pastebin.com/raw.php?i=LaLdg7nk

Stefan


More information about the pve-devel mailing list