[pve-devel] [PATCH 0/3] Patch to add forward chain control in pve-firewall

Dietmar Maurer dietmar at proxmox.com
Sun May 10 17:04:30 CEST 2015


> * guests in vmbr1 are allowed to receive external traffic only on port 80
> * guests in vmbr2 are allowed to receive traffic only on mysql
> port from 10.1.1.0/24
> 
> set FORWARDING policy to REJECT or DROP
> add rules:
> * chain FORWARD from any to 10.1.1.0/24 port tcp/80 accept
> * chain FORWARD from 10.1.1.0/25 to 10.1.2.0/24 port tcp/3306 accept

Why don't you use a security group for that?


