[pve-devel] [PATCH 1/2] Added Forward chain management

Flavius Bindea flav at flav.com
Fri May 15 16:45:14 CEST 2015


I think this will introduce a new level of complexity for the
administrator. (I already missed a configuration because gust firewall
has to be enabled in VM>firewall and in VM>hardware>network interface)
Comparing with other vendors "eg chekpoint" the firewalling is managed
at "datacenter" level  not going into server by server or vlan by
vlan.
What is done at interface level is for eg antispoofing filtering.
I'll have look into pfsense and openstack to see how they are doing.


2015-05-13 9:17 GMT+02:00 Dietmar Maurer <dietmar at proxmox.com>:
>> New test this morning.
>> in VM hardware the firewall was not enabled on the interface.
>> I have the tap chains created on forward chain.
>> So the solution VM by VM is working. It will be longer to configure
>> (need to do it on each VM).
>
> We just need a way to configure mandatory security groups, maybe per bridge?
>


More information about the pve-devel mailing list