[pve-devel] [PATCH] linux bridge and ovs new model implementation v6
Alexandre DERUMIER
aderumier at odiso.com
Tue May 6 10:08:02 CEST 2014
>>> tap_unplug
>>> firewall compile
>>> tap_plug
>>
>>more and more features ...
Well, it's not mandatory, but if you have firewall enabled
vmbr<--fwbr<---tap
then you disable firewall rules through iptables,
it'll work but
you'll need to test each tapchain rules and do the ACCEPT at the end.
(in my firewall patches, I have a iptables -A forward ! -i fwbr+ at the begin)
What is the main problem to use PVE::Firewall in Network.pm ?
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mardi 6 Mai 2014 09:46:06
Objet: RE: [pve-devel] [PATCH] linux bridge and ovs new model implementation v6
> I'm not sure, because in this case we need PVE::Firewall in QemuServer.pm,
> to known which script to launch.
sigh
> Also, we should to be able to enable|disable firewall online, and change from
> fwbr bridge to vmbr bridge.
>
> something like:
>
> ->disable|enable firewall for vmid
>
> tap_unplug
> firewall compile
> tap_plug
more and more features ...
I run out of time, because next week I need to start working on the mail gateway again.
More information about the pve-devel
mailing list