[pve-devel] pve-firewall : nftables ?
Alexandre DERUMIER
aderumier at odiso.com
Mon Nov 26 09:00:47 CET 2018
Hi,
I would like to know if somebody has already made some tests with nftables recently?
Mainly, it is not possible to use the physdev direction,
like:
-A PVEFW-FWBR-OUT -m physdev --physdev-in tap160i1 --physdev-is-bridged -j tap160i1-OUT
I wonder if a simple vmap like this could work?
https://wiki.nftables.org/wiki-nftables/index.php/Classic_perimetral_firewall_example
chain forward {
    type filter hook forward priority 0; policy drop;
    jump global
    oifname vmap { $nic_dmz : jump dmz_in , $nic_lan : jump lan_in }
    oifname $nic_inet iifname vmap { $nic_dmz : jump dmz_out , $nic_lan : jump lan_out }
}
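Added example (not code from the mail or from pve-firewall) of what the vmap dispatch looks like in the nftables bridge family, where iifname/oifname report the bridge ports (the tap devices) that iptables needed -m physdev to see. The port tap200i0, the MAC address and the per-VM chain bodies are constructed placeholders; tap160i1 comes from the mail.

```nft
#!/usr/sbin/nft -f
# Added example, not pve-firewall's own rules. Assumes a kernel/nft with the
# bridge family, a firewall bridge holding VM port tap160i1 (from the mail)
# and a second, constructed port tap200i0. In the bridge family the forward
# hook sees frames between bridge ports, and iifname/oifname are those ports,
# so no physdev match is needed (the bridge itself would be "meta ibrname").

table bridge pve_fw {
    # Per-VM, per-direction chains. "return" means "permitted by this chain,
    # continue in forward"; a final accept is only given after BOTH the
    # source-port and destination-port chains have been traversed.
    chain tap160i1_out {        # frames entering the bridge from VM 160
        ether saddr != 02:00:00:00:01:60 drop   # constructed MAC: no spoofing
        return
    }
    chain tap160i1_in {         # frames leaving the bridge towards VM 160
        tcp dport 22 return     # constructed policy: only SSH reaches the VM
        drop
    }
    chain tap200i0_out { return }
    chain tap200i0_in  { drop }

    chain forward {
        type filter hook forward priority 0; policy drop;
        # VM -> network: dispatch on the input port (what --physdev-in matched)
        iifname vmap { "tap160i1" : jump tap160i1_out, "tap200i0" : jump tap200i0_out }
        # network -> VM: dispatch on the output port (what --physdev-out matched)
        oifname vmap { "tap160i1" : jump tap160i1_in,  "tap200i0" : jump tap200i0_in }
        # Reached only if neither per-port chain dropped the frame
        accept
    }
}
```

Load it with `nft -f` and inspect the result with `nft list table bridge pve_fw`; ports absent from the vmaps simply fall through to the final accept.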