[pve-devel] [PATCH] linux bridge and ovs new model implementation v6
Alexandre DERUMIER
aderumier at odiso.com
Tue May 6 10:34:33 CEST 2014
>>cyclic dependency:
>>
>>Depends: libc6 (>= 2.7), libglib2.0-0 (>= 2.31.18), libnetfilter-log1 (>= 0.0.15), libnfnetlink0 (>= 1.0.0), perl, libpve-common-perl, pve-cluster, libpve-access-control
Ok, got it.
maybe could we move load_vmfw_conf() to pve-common ?
or I could pass to tap_plug the firewall enable value.
So, I need to read firewall config value in
/var/lib/qemu-server/pve-bridge (for qemu startup)
/usr/sbin/vznetaddbr (for openvz startup)
in API2:Qemu : vmconfig_update_net()
but this add a lot of pve-firewall dependencies
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mardi 6 Mai 2014 10:17:37
Objet: RE: [pve-devel] [PATCH] linux bridge and ovs new model implementation v6
> Well, it's not mandatory, but if you have firewall enabled
>
> vmbr<--fwbr<---tap
>
> then you disable firewall rules through iptables,
>
> it'll work but
>
> you'll need to test each tapchain rules and do the ACCEPT at the end.
> (in my firewall patches, I have a iptables -A forward ! -i fwbr+ at the begin)
>
>
> What is the main problem to use PVE::Firewall in Network.pm ?
cyclic dependency:
Depends: libc6 (>= 2.7), libglib2.0-0 (>= 2.31.18), libnetfilter-log1 (>= 0.0.15), libnfnetlink0 (>= 1.0.0), perl, libpve-common-perl, pve-cluster, libpve-access-control
More information about the pve-devel
mailing list