> > The 'allowed_ips' ipset idea is very easy to implement ...
> >
> > OK so adding option IP to each netX.

No, I'm talking about an IPSet defined inside the <VMID>.fw file.

> Just don't know how to implement the
> firewall rule to only allow packets from this MAC and IP combination.

Something like:

-A tap100i0-OUT -m mac ! --mac-source 0E:0B:38:B8:B3:21 -j DROP # we already have this
-A tap100i0-OUT -m set ! --match-set PVEFW-100-allowed-ips src -j DROP
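
The two rules sketched in the reply above, rendered for one guest NIC together with the ipset they reference. This is an added example, not code from the original mail or from pve-firewall; the function names and the 192.0.2.x sample addresses are assumptions, and the set is assumed to be an IPv4 hash:net set.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of pve-firewall.
# Arguments for both renderers: VMID IFACE MAC IP [IP...]

check_args() {
    # No whitespace anywhere, so a config value cannot append extra options.
    for a in "$@"; do
        case $a in *[[:space:]]*) echo "whitespace in argument" >&2; return 1;; esac
    done
    [ $# -ge 4 ] || { echo "usage: VMID IFACE MAC IP..." >&2; return 1; }
    case $1 in ''|*[!0-9]*) echo "bad vmid" >&2; return 1;; esac
    case $2 in ''|*[!a-z0-9]*) echo "bad iface" >&2; return 1;; esac
    printf '%s\n' "$3" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' \
        || { echo "bad mac" >&2; return 1; }
    shift 3
    for ip in "$@"; do
        printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' \
            || { echo "bad ip: $ip" >&2; return 1; }
    done
}

render_ipset() {   # input for "ipset restore"
    check_args "$@" || return 1
    set_name="PVEFW-$1-allowed-ips"      # set name pattern taken from the mail
    shift 3
    echo "create $set_name hash:net family inet"
    for ip in "$@"; do echo "add $set_name $ip"; done
}

render_rules() {   # lines for the guest's OUT chain, iptables-restore syntax
    check_args "$@" || return 1
    # Rule 1: drop frames whose source MAC is not the NIC's configured MAC.
    echo "-A $2-OUT -m mac ! --mac-source $3 -j DROP"
    # Rule 2: drop packets whose source IP is not in the allowed set.
    echo "-A $2-OUT -m set ! --match-set PVEFW-$1-allowed-ips src -j DROP"
}

# Constructed sample: VMID, tap device and MAC from the mail, IPs made up.
render_ipset 100 tap100i0 0E:0B:38:B8:B3:21 192.0.2.10 192.0.2.11
render_rules 100 tap100i0 0E:0B:38:B8:B3:21 192.0.2.10 192.0.2.11
```

A packet leaves the chain undropped only if it passes both rules, so the pair enforces the MAC and the IP set together; the set has to exist before the second rule is loaded.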