[pve-devel] firewall : cluster.fw [rules] section ?
Alexandre DERUMIER
aderumier at odiso.com
Thu Jun 19 07:50:24 CEST 2014
>>But I don't see anywhere in the code where theses rules are generate ?
I think we could create a PVEFW-cluster-IN|OUT chain, and put it at same level that blacklist.
(and maybe make blacklist ipset more generic, if we can create a rule with blacklist)
also, I just found that ipset provide a net,iface hash
ipset create foo hash:net,iface
ipset add foo 192.168.0/24,eth0
ipset add foo 10.1.0.0/16,eth1
ipset test foo 192.168.0/24,eth0
maybe can we use it to implement ipfilter at cluster level ?
----- Mail original -----
De: "Alexandre DERUMIER" <aderumier at odiso.com>
À: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Jeudi 19 Juin 2014 06:09:15
Objet: [pve-devel] firewall : cluster.fw [rules] section ?
Hi,
I see in cluster.fw a [rules] section,
But I don't see anywhere in the code where theses rules are generate ?
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list