[pve-devel] firewall and IGMP
Alexandre DERUMIER
aderumier at odiso.com
Wed May 21 07:01:09 CEST 2014
Hi,
indeed igmp is filtered, and that's break my multicast traffic
-A PVEFW-HOST-OUT --protocol igmp -j ACCEPT
-A PVEFW-HOST-IN --protocol igmp -j ACCEPT
is enough to resolve the problem
(by the way, I think a igmp macro (or proto) could be great, if we want to use multicast inside a vm)
----- Mail original -----
De: "Alexandre DERUMIER" <aderumier at odiso.com>
À: "Dietmar Maurer" <dietmar at proxmox.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mercredi 21 Mai 2014 06:10:24
Objet: Re: [pve-devel] firewall and IGMP
Ok, I'll test igmp and multicast with them today
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mercredi 21 Mai 2014 06:05:21
Objet: RE: [pve-devel] firewall and IGMP
> ruleset_addrule($ruleset, $chain, "-m addrtype --dst-type MULTICAST -j
> ACCEPT");
I reworked the corosync rules, so we now have this:
-A PVEFW-HOST-IN -s 192.168.0.0/20 -d 192.168.0.0/20 -p udp --dport 5404:5405 -j RETURN
-A PVEFW-HOST-IN -s 192.168.0.0/20 -m addrtype --dst-type MULTICAST -p udp --dport 5404:5405 -j RETURN
-A PVEFW-HOST-OUT -d 192.168.0.0/20 -p udp --dport 5404:5405 -j RETURN
-A PVEFW-HOST-OUT -m addrtype --dst-type MULTICAST -p udp --dport 5404:5405 -j RETURN
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list