[pve-devel] cluster FW separated from vm fw?
Alexandre DERUMIER
aderumier at odiso.com
Wed Jun 18 16:04:27 CEST 2014
>>Is there any reason to enable a VM firewall just by checking the box at
>>the interface and ignore the cluster fw setting?
you can have a cluster.fw with only
"
[OPTIONS]
# enable firewall (cluster wide setting, default is disabled)
enable: 1
# default policy for host rules
policy_in: DROP
policy_out: ACCEPT
"
(aliases|ipset|group are defined, to be reused in vmid.fw rules, if you want, but it's optional)
and to disable host firewall (iptables input|output filter)
# /etc/pve/local/host.fw
[OPTIONS]
enable: 0
should be enough to disable host.fw
----- Original Mail -----
From: "Stefan Priebe - Profihost AG" <s.priebe at profihost.ag>
To: pve-devel at pve.proxmox.com
Sent: Wednesday 18 June 2014 15:46:45
Subject: [pve-devel] cluster FW separated from vm fw?
Hi,
is there any reason why VM firewall support is directly combined with
cluster firewall?
I mean it's nice if PVE brings its own firewall for the host nodes but
for people like me who already have their firewall concepts for the host
nodes it's a mess.
I really would like only to use the firewall for the VMs themselves.
Is there any reason to enable a VM firewall just by checking the box at
the interface and ignore the cluster fw setting?
Stefan
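
Added example (not part of the original thread and not Proxmox code): a small Python check that reads the [OPTIONS] sections of a cluster.fw and a host.fw and reports whether they match the arrangement described in the reply above. The function names, the result keys and the sample file contents are assumptions, built only from the settings quoted in the mail.

```python
# Added example. Sample contents are constructed from the settings in the reply.
CLUSTER_FW = """\
[OPTIONS]
# enable firewall (cluster wide setting, default is disabled)
enable: 1
# default policy for host rules
policy_in: DROP
policy_out: ACCEPT
"""

HOST_FW = """\
[OPTIONS]
enable: 0
"""


def parse_options(text):
    """Return key/value pairs from the [OPTIONS] section, skipping comments."""
    options, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            words = line[1:-1].split()
            section = words[0].upper() if words else None
            continue
        if section == "OPTIONS" and ":" in line:
            key, value = line.split(":", 1)
            options[key.strip()] = value.strip()
    return options


def summarize(cluster_text, host_text):
    """Report whether the two files match the arrangement in the reply."""
    cluster = parse_options(cluster_text)
    host = parse_options(host_text)
    # The quoted comment says the cluster-wide switch defaults to disabled.
    cluster_enabled = cluster.get("enable", "0") == "1"
    # Only an explicit "enable: 0" counts; a missing key is not assumed off.
    host_filter_disabled = host.get("enable") == "0"
    return {
        "cluster_enabled": cluster_enabled,
        "host_filter_disabled": host_filter_disabled,
        "matches_reply": cluster_enabled and host_filter_disabled,
        "policy_in": cluster.get("policy_in"),
    }


if __name__ == "__main__":
    print(summarize(CLUSTER_FW, HOST_FW))
```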