> I'm beginning to read the pve-firewall README
> https://git.proxmox.com/?p=pve-firewall.git;a=blob;f=README;h=0d90df5b54f10cd38cbc11895744296fc7479126;hb=b486ed3b930807586eb1038c60682d5e8a8637f8
>
> About zones:
>
> >> We simply define one zone for each bridge/vm pair.
>
> So, we need to define 1 zone per vm?
>
> If yes, this seems strange. What I have in mind is to define 1 zone for
> multiple VMs, with no filtering inside the zone by default.
> Then configure firewall rules between the different zones.

You normally want to set up a firewall for each VM - for example, each
customer wants to have a firewall for his VMs. But we may also allow other
groups like VM pools, or global rules.

> If we need to define rules for each vm, one by one, it'll take a lot of
> time, and the number of rules will be very big. (and could lead to
> performance problems)
>
> Do I miss something?

It must be possible to define rules at different levels:

- for any network interface in the VM
- for each VM (sum of all network interfaces of a VM)
- for a VM pool (list of VMs)
- at global level (all VMs)

_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
