[pve-devel] firewall : cluster.fw [rules] section ?

Stefan Priebe s.priebe at profihost.ag
Sat Jul 5 21:17:07 CEST 2014


Am 05.07.2014 17:18, schrieb Daniel Hunsaker:
> Is 802_1Q required for VLAN traffic?

Yes.

 >  Or do we have a mechanism for
> adding/removing VLAN tags outside the VMs?

Yes it's already in proxmox. If you set a vlan tag inside the gui for a 
network card - exactly this happens. Traffic gets untagged at the bridge.

Stefan

> On Jul 5, 2014 7:37 AM, "Alexandre DERUMIER" <aderumier at odiso.com
> <mailto:aderumier at odiso.com>> wrote:
>
>      >>What about ICMP? among other things ICMP is used to optimize network
>      >>traffic and QoS.
>
>     yes, sure ;)  icmp and icmpv6 are included in IPV4 and IPV6
>
>     available ebtables protocol are :
>
>     cat /etc/ethertypes
>
>     IPv4            0800    ip ip4          # Internet IP (IPv4)
>     X25             0805
>     ARP             0806    ether-arp       #
>     FR_ARP          0808                    # Frame Relay ARP
>       [RFC1701]
>     BPQ             08FF                    # G8BPQ AX.25 Ethernet Packet
>     DEC             6000                    # DEC Assigned proto
>     DNA_DL          6001                    # DEC DNA Dump/Load
>     DNA_RC          6002                    # DEC DNA Remote Console
>     DNA_RT          6003                    # DEC DNA Routing
>     LAT             6004                    # DEC LAT
>     DIAG            6005                    # DEC Diagnostics
>     CUST            6006                    # DEC Customer use
>     SCA             6007                    # DEC Systems Comms Arch
>     TEB             6558                    # Trans Ether Bridging
>     [RFC1701]
>     RAW_FR          6559                    # Raw Frame Relay
>       [RFC1701]
>     AARP            80F3                    # Appletalk AARP
>     ATALK           809B                    # Appletalk
>     802_1Q          8100    8021q 1q 802.1q dot1q # 802.1Q Virtual LAN
>     tagged frame
>     IPX             8137                    # Novell IPX
>     NetBEUI         8191                    # NetBEUI
>     IPv6            86DD    ip6             # IP version 6
>     PPP             880B                    # PPP
>     ATMMPOA         884C                    # MultiProtocol over ATM
>     PPP_DISC        8863                    # PPPoE discovery messages
>     PPP_SES         8864                    # PPPoE session messages
>     ATMFATE         8884                    # Frame-based ATM Transport
>     over Ethernet
>     LOOP            9000    loopback        # loop proto
>
>
>     ----- Mail original -----
>
>     De: "Michael Rasmussen" <mir at datanom.net <mailto:mir at datanom.net>>
>     À: pve-devel at pve.proxmox.com <mailto:pve-devel at pve.proxmox.com>
>     Envoyé: Samedi 5 Juillet 2014 14:52:04
>     Objet: Re: [pve-devel] firewall : cluster.fw [rules] section ?
>
>     On Sat, 05 Jul 2014 14:18:01 +0200 (CEST)
>     Alexandre DERUMIER <aderumier at odiso.com
>     <mailto:aderumier at odiso.com>> wrote:
>
>      > >>Maybe simply:
>      > >>
>      > >>protocols: ARP, IPV4, IPV6
>      >
>      > No objection for me.
>      >
>      > @Stefan, do you think we need other protocols inside a vm ?
>      >
>     What about ICMP? among other things ICMP is used to optimize network
>     traffic and QoS.
>
>     --
>     Hilsen/Regards
>     Michael Rasmussen
>
>     Get my public GnuPG keys:
>     michael <at> rasmussen <dot> cc
>     http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
>     mir <at> datanom <dot> net
>     http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
>     mir <at> miras <dot> org
>     http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
>     --------------------------------------------------------------
>     /usr/games/fortune -es says:
>     Q: What's the difference between USL and the Titanic?
>     A: The Titanic had a band.
>
>     _______________________________________________
>     pve-devel mailing list
>     pve-devel at pve.proxmox.com <mailto:pve-devel at pve.proxmox.com>
>     http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>     _______________________________________________
>     pve-devel mailing list
>     pve-devel at pve.proxmox.com <mailto:pve-devel at pve.proxmox.com>
>     http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>


More information about the pve-devel mailing list