[pve-devel] pve-firewall: dhcp snooping

Dietmar Maurer dietmar at proxmox.com
Wed Jun 4 12:15:17 CEST 2014


> > Is something like this possible with the current firewall code?
> 
> Not implemented, because we do not have/store a list of IPs.
> 
> One option would be to store the list of allowed IP in the VM network config:
> 
> net0: e1000=0E:0B:38:B8:B3:21,bridge=vmbr0,firewall=1,ip=192.168.2.3
> 
> It is then easy to implement such filter.

Or we simple define an IPset with predefine named, for example 'allowed_ips'.
The we add a filter for that ipset (if it exists).





More information about the pve-devel mailing list