>> What do you think about that? Good Idea, but I think that it should be tested (mainly with multicast, igmp quierier, ...)
mainly also test that we could provide dhcp from this ip on veth (if we implement a dhcp later this year) It could be great too, if on day we use new vlan bridge filtering feature, so it could be possible to assign 1vlan by veth-bridgeport ----- Mail original ----- De: "Dietmar Maurer" <[email protected]> À: "Alexandre DERUMIER" <[email protected]> Cc: [email protected] Envoyé: Mardi 4 Mars 2014 18:52:07 Objet: RE: pve-firewall: container problem I really wonder if we can simply forbid to assign an IP to a bridge. Instead we force the user to add an additional veth device to the bridge, so he can configure the IP on that interface. That idea is from http://shorewall.net/bridge-Shorewall-perl.html What do you think about that? > >>Any idea how to handle that? > > Don't have checked openvz for the moment. > I'll try to do tests this week > > ----- Mail original ----- > > De: "Dietmar Maurer" <[email protected]> > À: "Alexandre DERUMIER ([email protected])" > <[email protected]>, [email protected] > Envoyé: Mardi 4 Mars 2014 16:13:15 > Objet: pve-firewall: container problem > > Seems we cannot filter traffic from containers to KVM VM correctly: > > venet => vmbrX/tapXiY > > because of the known physdev match restrictions. > > Any idea how to handle that? _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
