[pve-devel] pve-firewall : ebtables
Alexandre DERUMIER
aderumier at odiso.com
Tue Jul 15 13:16:53 CEST 2014
>>is there a bug?
>From the commit msg
"generate MAC and IP filter rules if firewall is enabled on NIC"
$net->{firewall} = 1
"Only omit rules if firewall is disabled."
$vmfw_conf->options->{enable} = 0
So,no bug, we generate macfilter if $net->{firewall}=1, even if $vmfw_conf->options->{enable}= 0
----- Mail original -----
De: "Alexandre DERUMIER" <aderumier at odiso.com>
À: "Dietmar Maurer" <dietmar at proxmox.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mardi 15 Juillet 2014 13:14:14
Objet: Re: [pve-devel] pve-firewall : ebtables
>>I thought this is implemented by this commit?
>>
>>https://git.proxmox.com/?p=pve-firewall.git;a=commit;h=a34cfdd0d1caabb9c59a515056fbe98f7ee7a185
>>
>>is there a bug?
I think this patch was more about
$vmfw_conf->options->{enable}
and not
$net->{firewall}
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com, "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>
Envoyé: Mardi 15 Juillet 2014 12:52:21
Objet: RE: [pve-devel] pve-firewall : ebtables
> -----Original Message-----
> From: Alexandre DERUMIER [mailto:aderumier at odiso.com]
> Sent: Dienstag, 15. Juli 2014 12:43
> To: Dietmar Maurer
> Cc: pve-devel at pve.proxmox.com; Stefan Priebe - Profihost AG
> Subject: Re: [pve-devel] pve-firewall : ebtables
>
> >>macfilter works even if the vm has firewall=0
>
> Currently, it's not true,
>
> the tap chain (including mac filtering), is not generated if firewall=0
I thought this is implemented by this commit?
https://git.proxmox.com/?p=pve-firewall.git;a=commit;h=a34cfdd0d1caabb9c59a515056fbe98f7ee7a185
is there a bug?
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list