Re: [pve-devel] [PATCH 1/2] Added Forward chain management

2015-05-15 Thread Flavius Bindea
I think this will introduce a new level of complexity for the administrator. (I already missed a configuration because guest firewall has to be enabled in VM>firewall and in VM>hardware>network interface) Comparing with other vendors "e.g. Check Point" the firewalling is managed at "datacenter" level n

Re: [pve-devel] [PATCH 1/2] Added Forward chain management

2015-05-13 Thread Dietmar Maurer
> New test this morning.
> In VM hardware the firewall was not enabled on the interface.
> I have the tap chains created on forward chain.
> So the solution VM by VM is working. It will be longer to configure
> (need to do it on each VM).
We just need a way to configure mandatory security groups,

Re: [pve-devel] [PATCH 1/2] Added Forward chain management

2015-05-12 Thread Flavius Bindea
New test this morning. In VM hardware the firewall was not enabled on the interface. I have the tap chains created on forward chain. So the solution VM by VM is working. It will be longer to configure (need to do it on each VM).
2015-05-13 0:08 GMT+02:00 Flavius Bindea :
> I did tests.
> QEMU c

Re: [pve-devel] [PATCH 1/2] Added Forward chain management

2015-05-12 Thread Flavius Bindea
I did tests. QEMU chains are not created.
2015-05-12 6:10 GMT+02:00 Dietmar Maurer :
>
>> You are right. FirewallSimulator was not adapted to this new chain.
>> I've added this workaround:
>
> Thanks, but I still think adding a FORWARD chain is the wrong way, because
> you can do the same thing

Re: [pve-devel] [PATCH 1/2] Added Forward chain management

2015-05-11 Thread Dietmar Maurer
> You are right. FirewallSimulator was not adapted to this new chain.
> I've added this workaround:
Thanks, but I still think adding a FORWARD chain is the wrong way, because you can do the same thing with security groups. Did you already try it?

Re: [pve-devel] [PATCH 1/2] Added Forward chain management

2015-05-11 Thread Flavius Bindea
Hello, You are right. FirewallSimulator was not adapted to this new chain. I've added this workaround: Subject: [PATCH] updated firewall simulator in order to ignore new PVEFW-HOST-FORWARD this is a workaround in order to make regression tests working it has to be better corrected. --- src/P

Re: [pve-devel] [PATCH 1/2] Added Forward chain management

2015-05-10 Thread Dietmar Maurer
This patch breaks regression tests for me:
# make check
test-unconfigured/tests line 3: { to => 'vm100', action => 'ACCEPT' }
test failed: missing dport at ../src/PVE/FirewallSimulator.pm line 154, line 3.

[pve-devel] [PATCH 1/2] Added Forward chain management

2015-05-09 Thread Flavius Bindea
--- src/PVE/API2/Firewall/Cluster.pm |6 +++ src/PVE/API2/Firewall/Host.pm|2 + src/PVE/Firewall.pm | 92 +++--- 3 files changed, 93 insertions(+), 7 deletions(-) diff --git a/src/PVE/API2/Firewall/Cluster.pm b/src/PVE/API2/Firewall/Clust