[pve-devel] firewall : cluster.fw [rules] section ?
Stefan Priebe
s.priebe at profihost.ag
Sat Jul 5 21:17:07 CEST 2014
Am 05.07.2014 17:18, schrieb Daniel Hunsaker:
> Is 802_1Q required for VLAN traffic?
Yes.
> Or do we have a mechanism for
> adding/removing VLAN tags outside the VMs?
Yes it's already in proxmox. If you set a vlan tag inside the gui for a
network card - exactly this happens. Traffic gets untagged at the bridge.
Stefan
> On Jul 5, 2014 7:37 AM, "Alexandre DERUMIER" <aderumier at odiso.com
> <mailto:aderumier at odiso.com>> wrote:
>
> >>What about ICMP? among other things ICMP is used to optimize network
> >>traffic and QoS.
>
> yes, sure ;) icmp and icmpv6 are included in IPV4 and IPV6
>
> available ebtables protocol are :
>
> cat /etc/ethertypes
>
> IPv4 0800 ip ip4 # Internet IP (IPv4)
> X25 0805
> ARP 0806 ether-arp #
> FR_ARP 0808 # Frame Relay ARP
> [RFC1701]
> BPQ 08FF # G8BPQ AX.25 Ethernet Packet
> DEC 6000 # DEC Assigned proto
> DNA_DL 6001 # DEC DNA Dump/Load
> DNA_RC 6002 # DEC DNA Remote Console
> DNA_RT 6003 # DEC DNA Routing
> LAT 6004 # DEC LAT
> DIAG 6005 # DEC Diagnostics
> CUST 6006 # DEC Customer use
> SCA 6007 # DEC Systems Comms Arch
> TEB 6558 # Trans Ether Bridging
> [RFC1701]
> RAW_FR 6559 # Raw Frame Relay
> [RFC1701]
> AARP 80F3 # Appletalk AARP
> ATALK 809B # Appletalk
> 802_1Q 8100 8021q 1q 802.1q dot1q # 802.1Q Virtual LAN
> tagged frame
> IPX 8137 # Novell IPX
> NetBEUI 8191 # NetBEUI
> IPv6 86DD ip6 # IP version 6
> PPP 880B # PPP
> ATMMPOA 884C # MultiProtocol over ATM
> PPP_DISC 8863 # PPPoE discovery messages
> PPP_SES 8864 # PPPoE session messages
> ATMFATE 8884 # Frame-based ATM Transport
> over Ethernet
> LOOP 9000 loopback # loop proto
>
>
> ----- Mail original -----
>
> De: "Michael Rasmussen" <mir at datanom.net <mailto:mir at datanom.net>>
> À: pve-devel at pve.proxmox.com <mailto:pve-devel at pve.proxmox.com>
> Envoyé: Samedi 5 Juillet 2014 14:52:04
> Objet: Re: [pve-devel] firewall : cluster.fw [rules] section ?
>
> On Sat, 05 Jul 2014 14:18:01 +0200 (CEST)
> Alexandre DERUMIER <aderumier at odiso.com
> <mailto:aderumier at odiso.com>> wrote:
>
> > >>Maybe simply:
> > >>
> > >>protocols: ARP, IPV4, IPV6
> >
> > No objection for me.
> >
> > @Stefan, do you think we need other protocols inside a vm ?
> >
> What about ICMP? among other things ICMP is used to optimize network
> traffic and QoS.
>
> --
> Hilsen/Regards
> Michael Rasmussen
>
> Get my public GnuPG keys:
> michael <at> rasmussen <dot> cc
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
> mir <at> datanom <dot> net
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
> mir <at> miras <dot> org
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
> --------------------------------------------------------------
> /usr/games/fortune -es says:
> Q: What's the difference between USL and the Titanic?
> A: The Titanic had a band.
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com <mailto:pve-devel at pve.proxmox.com>
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com <mailto:pve-devel at pve.proxmox.com>
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
More information about the pve-devel
mailing list