[pve-devel] pve-firewall : ebtables
Alexandre DERUMIER
aderumier at odiso.com
Tue Jul 15 12:11:13 CEST 2014
>>2.) Generally i would like to see the macfilter enabled for iptables and
>>ebtables even if the network card has firewall=0 but the vm has
>>firewall=1. Does this makes sense?
Just send a patch.
(could be great too if you could do some performance benchmark, network bandwidth|cpu usage with and without mac filtering)
----- Mail original -----
De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>
À: "Alexandre Derumier" <aderumier at odiso.com>, pve-devel at pve.proxmox.com
Envoyé: Mardi 15 Juillet 2014 10:48:34
Objet: Re: [pve-devel] pve-firewall : ebtables
Am 15.07.2014 06:39, schrieb Alexandre Derumier:
> Hi,
> here the ebtables patches, details are in commits.
>
> Please comment, feel free to change and adapt them.
Some questions:
1.) Is there any reason you generally allowed IPv4 and IPv6? Personally
i would like to allow IPv4 but block IPv6.
2.) Generally i would like to see the macfilter enabled for iptables and
ebtables even if the network card has firewall=0 but the vm has
firewall=1. Does this makes sense?
Stefan
More information about the pve-devel
mailing list