> -Original Message-
> From: pve-devel-boun...@pve.proxmox.com [mailto:pve-devel-
> boun...@pve.proxmox.com] On Behalf Of Dietmar Maurer
> Sent: Wednesday, 22 January 2014 08:13
> To: Alexandre DERUMIER
> Cc: pve-devel
> Subject: Re: [pve-devel] RFC : iptables implementation
>
> > >>I am
>>OK. But maybe we can allow normal rules also?
yes sure
>>And use the existing format (pve-firewall/example/100.fw):
no problem.
>>We use an extra file to store Security Groups: /etc/pve/firewall/groups.fw
>>
>>--groups.fw-example---
>>
>>[IN::]
>>
>>SSH(ACCEPT) net0 192.16
> >>I am not sure if that model correctly handles traffic from one VM to another
> (traffic from VM1 to VM2)?
> >>Because you would need to apply out rules for VM1, the in rules for VM2.
> >>Does that work - if so how?
>
> Well, it is like having 2 VMs behind 2 firewalls.
OK, so I just believe you th
>>I am not sure if that model correctly handles traffic from one VM to another
>>(traffic from VM1 to VM2)?
>>Because you would need to apply out rules for VM1, the in rules for VM2.
>>Does that work - if so how?
Well, it is like having 2 VMs behind 2 firewalls.
If user of vm1 open outgoing rules to
> It requires the latest build of the spice client remote-viewer, which will
> become
> the next release.
Ok, applied.
Note: I re-formatted the commit message slightly.
> what do you think about it ?
>
>
>
> iptables -F
> iptables -X
>
> iptables -N tap110i0-out
> iptables -N tap110i0-in
> #out
> iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-in tap110i0 -j
> tap110i0-out
> #in
> iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-out
> >>How would you present that to the user (how would you design a GUI for
> that)?
> I see 2 parts:
>
> 1 firewall tab on the vm
> in this tab, we can associate security groups for incoming rules and outgoing
> rules by network interface
>
> [INCOMING RULES]
> net0 security1
> net0 security
I could use a hook script, the problem (maybe others don't see it as a
problem) is that while
it's easy to get the hook script to call out, I have modified the
storage option to accept a comma
separated list and added a new parameter '-strategy'. These require
modifying vzdump already
so I wasn
>>How would you present that to the user (how would you design a GUI for that)?
I see 2 parts:
1 firewall tab on the vm
in this tab, we can associate security groups for incoming rules and outgoing
rules by network interface
[INCOMING RULES]
net0 security1
net0 security2
[OUTGOING RULES]
On Tue, 21 Jan 2014 06:30:52 AM Dietmar Maurer wrote:
> Shift-F11 works, but the other keys do not have any effect.
> How is that supposed to work?
It requires the latest build of the spice client remote-viewer, which will
become the next release.
--
Lindsay