On Tue, 19 Nov 2024 11:06:12 +0100 Hannes Dürr <h.du...@proxmox.com> wrote:
> I like your changes, but I would adapt the description more to the > bridge manpage [0]. > > [0] https://www.man7.org/linux/man-pages/man8/bridge.8.html > > On 11/18/24 19:52, Stoiko Ivanov wrote: > > On Tue, 12 Nov 2024 16:54:25 +0100 > > Stefan Hanreich <s.hanre...@proxmox.com> wrote: > > > >> Signed-off-by: Stefan Hanreich <s.hanre...@proxmox.com> > >> --- > >> pvesdn.adoc | 5 +++++ > >> 1 file changed, 5 insertions(+) > >> > >> diff --git a/pvesdn.adoc b/pvesdn.adoc > >> index 39de80f..b1f2578 100644 > >> --- a/pvesdn.adoc > >> +++ b/pvesdn.adoc > >> @@ -383,6 +383,11 @@ Tag:: The unique VLAN or VXLAN ID > >> VLAN Aware:: Enables vlan-aware option on the interface, enabling > >> configuration > >> in the guest. > >> > >> +Isolate Ports:: Sets the isolated flag for all members of this port, > >> except for > >> +the bridge port. This means that every port can only send traffic to the > >> bridge > >> +port. In order for this setting to take effect, you need to restart the > >> VMs > >> +that have interfaces on the VNet. > >> + > > Reading through the VNet docs - I'd rename bridge port to 'interface' and > > members to guest ports. - maybe like this: > > ``` > > Isolate Ports:: Sets the isolated flag for all guest ports of this > > interface, > > but not for the interface itself. This means that guests cannot send > > traffic to > > each other. In order for this setting to take effect, you need to restart > > the > > affected guest. > > ``` > This means that guests cannot send traffic to each other -> This means > guests can only send traffic to non-isolated guests Thanks for the feedback! I basically was at the same point staring at the screen for a while... the setting is per VNet (a.k.a. at least for simple/VLAN zones) bridge-wide - so short of manually fiddling with the port-settings with `bridge link set` there currently are no such guests AFAICT. if we adapt it I'd suggest: This means guests can only send traffic to non-isolated bridge-ports, which is the bridge itself. > > > > > > >> > >> [[pvesdn_config_subnet]] > >> Subnets > > > > > > _______________________________________________ > > pve-devel mailing list > > pve-devel@lists.proxmox.com > > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel > > > > _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
