[pve-devel] pve-firewall : add ipfilter protection

Alexandre DERUMIER aderumier at odiso.com
Wed Jun 11 15:49:22 CEST 2014


>>Can you please give me an example how to limit a user to a specific ip
>>with your commit?

Do have read the code, but it should be

in /etc/pve/firewall/vmid.fw


[IPSET ipfilter]
192.168.0.1
10.0.0.0/8
....




----- Mail original ----- 

De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag> 
À: "Dietmar Maurer" <dietmar at proxmox.com>, "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Mercredi 11 Juin 2014 15:30:18 
Objet: Re: [pve-devel] pve-firewall : add ipfilter protection 


Am 11.06.2014 10:07, schrieb Dietmar Maurer: 
>>>> Would it make sense to also allow ip/mask notation so pve knows more about 
>> the network? May be display user ip settings? 
>> 
>> Don't have tested, but I think it should work. I'll test that today. 
> 
> I just applied a simplified version of your patch. 
> 
> I simply apply the filter if the VM firewall configuration defines a ipset named 'ipfilter'. 
> 
> This works with venet and tap devices, and does not require any change in qemu-server config. 
> 
> Does that work for you? 

Can you please give me an example how to limit a user to a specific ip 
with your commit? 

Which lines do i have to insert into which files? 

Thanks! 

Greets, 
Stefan 



More information about the pve-devel mailing list