changelog:
Add support for host firewall and group rules.
It uses iptables-restore now, so rules are applied atomically.
Also, I no longer use return in the inbound rules, but jump directly in the outbound
rules, so fewer rule lookups.
The FORWARD chain lists are:
FORWARD--->proxmoxfw-FORWARD
----> BRIDGEFW-OUT
--->VMBRX-OUT
------->TAPXX-OUT
--->ACCEPT(==JUMP VMBRX-IN)
--->GROUP-xxx-OUT
--->ACCEPT(==JUMP BRIDGEFW-IN)
---->BRIDGEFW-IN
---->VMBRX-IN
------->TAPXX-IN
---->ACCEPT
---->GROUP-xxx-IN
----->ACCEPT
Please test :)
(sample config files for host, group, and vm firewalls are in the commits)
_______________________________________________
pve-devel mailing list
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel