[pve-devel] pve-firewall : ip6tables + ebtables v4

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Wed Jul 16 10:31:15 CEST 2014


Hi,

Am 16.07.2014 01:14, schrieb Alexandre Derumier:
> changelog:
> 
> - clean all trailing whitespaces
> - add remove_pvefw_chains for ip6tables (for firewall stop)
> - add last stefan patch for ebtables mac parsing

i get the following ebtables:

active layer2filters (ARP):

Bridge chain: tap102i0-OUT, entries: 4, policy: ACCEPT
-s ! d2:d6:ce:ec:ae:b8 -j DROP
-p ARP -j ACCEPT
-j DROP
-j ACCEPT

This looks wrong (DROP / ACCEPT)

no layer2filters:

Bridge chain: tap103i0-OUT, entries: 2, policy: ACCEPT
-s ! e:df:d:91:a8:60 -j DROP
-j ACCEPT

Stefan


More information about the pve-devel mailing list