[pve-devel] PVE Firewall
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Mon Jun 16 09:31:07 CEST 2014
Am 16.06.2014 09:21, schrieb Stefan Priebe - Profihost AG:
> Am 13.06.2014 20:33, schrieb Dietmar Maurer:
>>> i would like to have different levels of firewall. Something the USER / VM Owner
>>> can control and something the PVE Manage / Sysadmin can control.
>>>
>>> So i can give the user the ability to use the new cool firewall code but i can still
>>> be shure that he doesn't use a DHCP Server, didn't disable the MAC filter and
>>> doesn't fake IP adresses.
> That sounds great too ;-)
>
> Still need to figure out why the firewall does not work for me at all.
OK got the answer. May be a bit too difficult for new users ;-)
You need to also check the firewall button on the network interface.
Isn't that a bit too complex?
So we have:
- gobal firewall button (cluster.fw) (ok makes sense - so the proxmox
admin can decide whether VM users can use this feature at all)
- VM based firewall checkbox to enable / disable this per VM
- Network card base checkbox
Why do we need the VM based checkbox if we already have that for each nic?
Stefan
More information about the pve-devel
mailing list