Am 11.06.2014 15:49, schrieb Alexandre DERUMIER: >>> Can you please give me an example how to limit a user to a specific ip >>> with your commit? > > Do have read the code, but it should be > > in /etc/pve/firewall/vmid.fw > > > [IPSET ipfilter] > 192.168.0.1 > 10.0.0.0/8 > ....
Thanks - will try that but how to bind this to mac addressesv or network interfaces? I mean a user can have multiple network interfaces. Maybe he is allowed to use IPA on net0 and IPB on net1 but not IPB on net0. Greets, Stefan > ----- Mail original ----- > > De: "Stefan Priebe - Profihost AG" <s.pri...@profihost.ag> > À: "Dietmar Maurer" <diet...@proxmox.com>, "Alexandre DERUMIER" > <aderum...@odiso.com> > Cc: pve-devel@pve.proxmox.com > Envoyé: Mercredi 11 Juin 2014 15:30:18 > Objet: Re: [pve-devel] pve-firewall : add ipfilter protection > > > Am 11.06.2014 10:07, schrieb Dietmar Maurer: >>>>> Would it make sense to also allow ip/mask notation so pve knows more >>>>> about >>> the network? May be display user ip settings? >>> >>> Don't have tested, but I think it should work. I'll test that today. >> >> I just applied a simplified version of your patch. >> >> I simply apply the filter if the VM firewall configuration defines a ipset >> named 'ipfilter'. >> >> This works with venet and tap devices, and does not require any change in >> qemu-server config. >> >> Does that work for you? > > Can you please give me an example how to limit a user to a specific ip > with your commit? > > Which lines do i have to insert into which files? > > Thanks! > > Greets, > Stefan > _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
