[pve-devel] [PATCH 0/3] Patch to add forward chain control in pve-firewall

Dietmar Maurer dietmar at proxmox.com
Sun May 10 17:04:30 CEST 2015

> *guests in vmbr1 are allowed to receive external traffic only on port 80
> *guests in vmbr2 are allowed only to receive only traffic on mysql
> port from
> set FORWARDING policy to REJECT or DROP
> add rules:
> * chain FORWARD from any to port tcp/80 accept
> * chain FORWARD from to port tcp/3306 accept

Why don't you use a security group for that?

More information about the pve-devel mailing list