[PVE-User] Shorewall + Proxmox
Dietmar Maurer
dietmar at proxmox.com
Sat Jan 3 09:32:31 CET 2009
Hi Giuliano,
sorry for the delay, but unfortunately that firewall/iptables thing is
quite complex.
Please can we use our mailing list for this communication
<pve-user at pve.proxmox.com>
> With the latest version of the kernel the true solution is using the
> PHYSICAL DEV, shorewall uses it with my example.
>
> In any case I'm very interested in this.
I also thought this is the way to go, but the Shorewall documentation says:
http://www1.shorewall.net/bridge-Shorewall-perl.html
----------------------
To deal with the asymmetric nature of the new physdev match,
Shorewall-perl supports a new type of zone - a Bridge Port (BP) zone.
Bridge port zones have a number of restrictions:
* BP zones may only be associated with bridge ports.
* All ports associated with a given BP zone must be on the same bridge.
* Policies from a non-BP zone to a BP are disallowed.
* Rules where the SOURCE is a non-BP zone and the DEST is a BP zone are
  disallowed.
----------------------
I guess we don't want such restrictions?