Well, we also need to have rules for traffic unrelated to VMs., i.e from and to the host.
> > don't known if it's better than > > >>Above would only handle traffic originated from a VM and skip traffic from > outside (eth0)? > > maybe. I think we shouldn't filter from ethX, because outside can be also > other > hosts with others vm. > (Or maybe users want to add some custom rules on ethX to protect the host > itself, like this it doesn't conflict with openstack rules) > > > also,maybe they are doing like this to add later some custom rules before the > ACCEPT. _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
