[pve-devel] [PATCH 0/3] Patch to add forward chain control in pve-firewall

Flavius Bindea flav at flav.com
Sun May 10 23:58:38 CEST 2015

How are you doing that? Creating a group didn't add anything in
FORWARD chain. And linux netfilter is forwarding all packets from one
bridge to the other (I am using the host as a "router" for the

2015-05-10 17:04 GMT+02:00 Dietmar Maurer <dietmar at proxmox.com>:
>> *guests in vmbr1 are allowed to receive external traffic only on port 80
>> *guests in vmbr2 are allowed only to receive only traffic on mysql
>> port from
>> set FORWARDING policy to REJECT or DROP
>> add rules:
>> * chain FORWARD from any to port tcp/80 accept
>> * chain FORWARD from to port tcp/3306 accept
> Why don't you use a security group for that?
