Am Sonntag, den 23.08.2020, 12:58 +0200 schrieb Stephan Leemburg:
Good afternoon Dietmar,
The reason is separation of client's resources on the machine(s).
In firewalling, it is not uncommon to use a lot of VLAN's.
For example at one of my clients that I do consultancy for, they
have
more than 60 VLAN's defined on their firewall.
probably not helping with your original Problem, but running (such) a
firewall in a LXC feels totally wrong to me.
That is not my setup. The customer runs very expensive firewalls and all
interfaces are vlan interfaces on top of link aggregations.
Putting the FW in a VM is fine for me, but I surely don't want it to be
a part of the hosts network stack.
Maybe I should reconsider my thought in migrating from a kvm that runs
pfSense to a debian container that runs iptables in the same kernel and
network stack as the node.
Thanks for your input. I will do some more research and educated thinking.
Best regards,
Stephan
Regards,
Tom
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
