>>> tap_unplug >>> firewall compile >>> tap_plug >> >>more and more features ...
Well, it's not mandatory, but if you have firewall enabled vmbr<--fwbr<---tap then you disable firewall rules through iptables, it'll work but you'll need to test each tapchain rules and do the ACCEPT at the end. (in my firewall patches, I have a iptables -A forward ! -i fwbr+ at the begin) What is the main problem to use PVE::Firewall in Network.pm ? ----- Mail original ----- De: "Dietmar Maurer" <[email protected]> À: "Alexandre DERUMIER" <[email protected]> Cc: [email protected] Envoyé: Mardi 6 Mai 2014 09:46:06 Objet: RE: [pve-devel] [PATCH] linux bridge and ovs new model implementation v6 > I'm not sure, because in this case we need PVE::Firewall in QemuServer.pm, > to known which script to launch. sigh > Also, we should to be able to enable|disable firewall online, and change from > fwbr bridge to vmbr bridge. > > something like: > > ->disable|enable firewall for vmid > > tap_unplug > firewall compile > tap_plug more and more features ... I run out of time, because next week I need to start working on the mail gateway again. _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
