[pve-devel] pve-firewall : ebtables
dietmar at proxmox.com
Tue Jul 15 12:50:01 CEST 2014
> >>1.) Is there any reason you generally allowed IPv4 and IPv6?
> >>Personally i would like to allow IPv4 but block IPv6.
> Do you want to do it by vm or globally ?
> In my ebtables patch, I just accept for ipv4 and ipv6 at the begin, to manage
> mac filtering at iptables level.
> (for performance, because with conntrack established, we don't need to
> check each packet)
maybe a new 'version' option for <vmid>.fw:
and maybe new option for rules to indicate the version, so that we can block ipv4 or ipv6 only:
IN DROP -v6
IN ACCEPT -v4
More information about the pve-devel