Re: [pve-devel] pve-firewall : ebtables

Tue, 15 Jul 2014 04:23:45 -0700 

Am 15.07.2014 13:16, schrieb Alexandre DERUMIER:
>>> is there a bug? 
> 
> From the commit msg
> 
> "generate MAC and IP filter rules if firewall is enabled on NIC"
> $net->{firewall} = 1
> 
> "Only omit rules if firewall is disabled."
> $vmfw_conf->options->{enable} = 0
> 
> 
> So,no bug, we generate macfilter if $net->{firewall}=1, even if 
> $vmfw_conf->options->{enable}= 0

OK i thought it makes more sense the other way round, especially the
options are grouped that way.

But it's ok to me - just a bit confusing.

Stefan


> ----- Mail original ----- 
> 
> De: "Alexandre DERUMIER" <aderum...@odiso.com> 
> À: "Dietmar Maurer" <diet...@proxmox.com> 
> Cc: pve-devel@pve.proxmox.com 
> Envoyé: Mardi 15 Juillet 2014 13:14:14 
> Objet: Re: [pve-devel] pve-firewall : ebtables 
> 
>>> I thought this is implemented by this commit? 
>>>
>>> https://git.proxmox.com/?p=pve-firewall.git;a=commit;h=a34cfdd0d1caabb9c59a515056fbe98f7ee7a185
>>>  
>>>
>>> is there a bug? 
> 
> I think this patch was more about 
> $vmfw_conf->options->{enable} 
> 
> and not 
> $net->{firewall} 
> 
> 
> 
> 
> ----- Mail original ----- 
> 
> De: "Dietmar Maurer" <diet...@proxmox.com> 
> À: "Alexandre DERUMIER" <aderum...@odiso.com> 
> Cc: pve-devel@pve.proxmox.com, "Stefan Priebe - Profihost AG" 
> <s.pri...@profihost.ag> 
> Envoyé: Mardi 15 Juillet 2014 12:52:21 
> Objet: RE: [pve-devel] pve-firewall : ebtables 
> 
> 
> 
>> -----Original Message----- 
>> From: Alexandre DERUMIER [mailto:aderum...@odiso.com] 
>> Sent: Dienstag, 15. Juli 2014 12:43 
>> To: Dietmar Maurer 
>> Cc: pve-devel@pve.proxmox.com; Stefan Priebe - Profihost AG 
>> Subject: Re: [pve-devel] pve-firewall : ebtables 
>>
>>>> macfilter works even if the vm has firewall=0 
>>
>> Currently, it's not true, 
>>
>> the tap chain (including mac filtering), is not generated if firewall=0 
> 
> I thought this is implemented by this commit? 
> 
> https://git.proxmox.com/?p=pve-firewall.git;a=commit;h=a34cfdd0d1caabb9c59a515056fbe98f7ee7a185
>  
> 
> is there a bug? 
> _______________________________________________ 
> pve-devel mailing list 
> pve-devel@pve.proxmox.com 
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
> _______________________________________________
> pve-devel mailing list
> pve-devel@pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to