Hi,

It seems that there are no firewall hooks in pve-firewall; is this correct?

I would like to add my own action before/after the firewall configuration for a VM is stopped, started or reloaded.

My use case would be adding ARP filter and bridge filter rules, because at the moment each VM gets all ARP traffic and multicast traffic that it may not need. So I tested to build arptables rules to block misdirected ARP requests.

By doing this it saves me about 10kbit/s for an idle VM dropping to almost 4kbit/s; dropping multicast and STP requests reduces this to 2kbit/s. This doesn't sound like much, but not having this traffic on each VM reduces CPU context switches and prevents information leaks to the VM.

Is there any point I could attach my own script?

thx

Harald

--
Harald Leithner

ITronic
Wiedner Hauptstraße 120/5.1, 1050 Wien, Austria
Tel: +43-1-545 0 604
Mobil: +43-699-123 78 4 78
Mail: [email protected] | itronic.at
_______________________________________________
pve-devel mailing list
[email protected]
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
