[pve-devel] pve-firewall: dhcp snooping

Dietmar Maurer dietmar at proxmox.com
Wed Jun 4 14:50:53 CEST 2014


> > The 'allowed_ips' ipset idea is very easy to implement ...
> >
> 
> OK so adding option IP to each netX.

No, I am talking about an IPSet defined inside the <VMID>.fw file.

> Just don't know how to implement the
> firewall rule to only allow packets from this MAC and IP combination.

something like:

-A tap100i0-OUT -m mac ! --mac-source 0E:0B:38:B8:B3:21 -j DROP # we already have this
-A tap100i0-OUT -m set ! --match-set PVEFW-100-allowed-ips src -j DROP
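
The two rules above together with the set they depend on, as an added example that is not part of the original message and not pve-firewall code. The function name, the hash:ip set type and the sample addresses are assumptions; it only prints ipset and iptables-restore text and applies nothing.

```shell
#!/bin/sh
# Added example (not pve-firewall code): print the ipset definition and the
# MAC + allowed-IP rules for one guest NIC. Nothing is applied to the host.

# valid_mac MAC -> 0 if MAC is six colon-separated hex octets
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# valid_ipv4 ADDR -> 0 if ADDR is a dotted-quad IPv4 address
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# gen_guest_rules VMID IFINDEX MAC IP... (hypothetical helper)
# All input is validated before anything is printed, so a failed call
# never leaves a half-written rule set on stdout.
gen_guest_rules() {
    vmid=$1 idx=$2 mac=$3
    shift 3
    case "$vmid$idx" in ''|*[!0-9]*) echo "bad VMID/index" >&2; return 1 ;; esac
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    # With an empty set the '! --match-set' rule drops every packet the
    # guest sends, so refuse to emit one.
    [ "$#" -gt 0 ] || { echo "empty allowed-ips list" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad IP: $ip" >&2; return 1; }
    done

    chain="tap${vmid}i${idx}-OUT"
    set_name="PVEFW-${vmid}-allowed-ips"

    echo "# ipset restore input"
    echo "create ${set_name} hash:ip family inet"
    for ip in "$@"; do echo "add ${set_name} ${ip}"; done

    echo "# iptables-restore rules, filter table"
    echo "-A ${chain} -m mac ! --mac-source ${mac} -j DROP"
    echo "-A ${chain} -m set ! --match-set ${set_name} src -j DROP"
}

# Constructed sample: VM 100, net0, MAC from the message, documentation IPs.
gen_guest_rules 100 0 0E:0B:38:B8:B3:21 192.0.2.10 192.0.2.11
```

The set rule filters IPv4 source addresses only; ARP and IPv6 traffic from the guest are not covered by it.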


