[pve-devel] Firewall hooks
Harald Leithner
leithner at itronic.at
Thu Mar 22 12:28:49 CET 2018
Hi,
it seems that there are no firewall hooks in pve-firewall, is this correct?
I would like to add my own action before or after the firewall
configuration for a VM is stopped, started or reloaded.
My use case would be adding ARP filter and bridge filter rules, because
at the moment each VM gets all ARP traffic and multicast traffic that it
may not need. So I tested building arptables rules to block misdirected
ARP requests.
By doing this it saves me about 10kbit/s for an idle VM dropping to
almost 4kbit/s, dropping multicast and STP requests reduces this to
2kbit/s. This doesn't sound like much, but not having this traffic on each
VM reduces CPU context switches and prevents information leaks to the VM.
Is there any point I could attach my own script?
thx
Harald
--
Harald Leithner
ITronic
Wiedner Hauptstraße 120/5.1, 1050 Wien, Austria
Tel: +43-1-545 0 604
Mobil: +43-699-123 78 4 78
Mail: leithner at itronic.at | itronic.at