[pve-devel] pve-firewall : ipv6 support ?
Dietmar Maurer
dietmar at proxmox.com
Fri Jun 27 06:58:57 CEST 2014
> I don't like to much the extra section.
> Because a vm could have both ipv4 and ipv6, I think it could be better to not
> manage twice the rules.
>
> I thinked of simply duplicated rules in iptables and ip6tables,
> if a rule use src or dst ipv4 skip it in ip6tables
> if a rule use src or dst ipv6 skip it in iptables
> use -p icmp or -p icmpv6
OK
> I think we can generate ip6tables by default, it shouldn't slowdown rules
> processing, because ipv4 never go in theses tables.
>
>
> I'll do tests next week. (and also works on the wiki, I'll write some doc about ips
> option and suricata)
great.
More information about the pve-devel
mailing list