[pve-devel] pve-firewall : add ipfilter protection
Alexandre DERUMIER
aderumier at odiso.com
Fri Jun 13 15:45:09 CEST 2014
>>Are the global rules really global or just copied to each VM while
>>they're created?
I just see that we can define rules in cluster.fw, but I don't think they are applied anywhere ???
in cluster.fw, you can defined security group,ipset, aliases.
Then you can use them in rules in each vmid.fw.
>>Is it later possible to give a user the possibility to do its own
>>firewall stuff but not being allowed to EDIT my ipset filters for the
>>network cards?
for ipfilter ipset, I don't think it's possible currently to define them in cluster.fw.
Maybe it could be a better place than vmid.fw ? as it should be the datacenter admin to manage this kind of filtering.
----- Mail original -----
De: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>
À: "Dietmar Maurer" <dietmar at proxmox.com>, "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Vendredi 13 Juin 2014 14:39:36
Objet: Re: [pve-devel] pve-firewall : add ipfilter protection
Hi,
OK my test setup is up and running.
I'm not really familiar with the current firewall code in PVE.
Are the global rules really global or just copied to each VM while
they're created?
Is it later possible to give a user the possibility to do its own
firewall stuff but not being allowed to EDIT my ipset filters for the
network cards?
Stefan
Am 12.06.2014 10:41, schrieb Dietmar Maurer:
>
>
>> -----Original Message-----
>> From: Alexandre DERUMIER [mailto:aderumier at odiso.com]
>> Sent: Donnerstag, 12. Juni 2014 10:37
>> To: Dietmar Maurer
>> Cc: pve-devel at pve.proxmox.com; Stefan Priebe
>> Subject: Re: [pve-devel] pve-firewall : add ipfilter protection
>>
>> What is the netid for a openvz veth interface ?
>>
>
> eth0, eth1, ...
>
>> (maybe can we add an example ?)
>
> please add (send a patch).
>
More information about the pve-devel
mailing list