[pve-devel] pve-firewall : add ipfilter protection

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Fri Jun 13 15:41:08 CEST 2014


Am 13.06.2014 15:36, schrieb Alexandre DERUMIER:
>>> And you enabled the firewall on that network interface? (stop/restart VM required). 
> No vm restart is needed, hopefully ;)

I did a complete shutdown / kill kvm process and a fresh start.

Grüße

> ----- Mail original ----- 
> 
> De: "Dietmar Maurer" <dietmar at proxmox.com> 
> À: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>, "Alexandre DERUMIER" <aderumier at odiso.com> 
> Cc: pve-devel at pve.proxmox.com 
> Envoyé: Vendredi 13 Juin 2014 14:54:32 
> Objet: RE: [pve-devel] pve-firewall : add ipfilter protection 
> 
>> OK seems my testing is wrong. 
>>
>> What is did: 
>>
>> /etc/pve/firewall/2004.fw: 
>> [IPSET ipfilter-net0] 
>> 10.10.28.5 
>>
>> I then enabled the Firewall for this VM. 
> 
> Also enabled the firewall in cluster.fw? 
> 
>> The VM has now 10.10.28.4 on net0 - but the VM is still able to make traffic with 
>> 10.10.28.4. Anything i did wrong? 
> 
> And you enabled the firewall on that network interface? (stop/restart VM required). 
> Are normal firewall rules working? 
> 



More information about the pve-devel mailing list