> I don't like to much the extra section. > Because a vm could have both ipv4 and ipv6, I think it could be better to not > manage twice the rules. > > I thinked of simply duplicated rules in iptables and ip6tables, > if a rule use src or dst ipv4 skip it in ip6tables > if a rule use src or dst ipv6 skip it in iptables > use -p icmp or -p icmpv6
OK > I think we can generate ip6tables by default, it shouldn't slowdown rules > processing, because ipv4 never go in theses tables. > > > I'll do tests next week. (and also works on the wiki, I'll write some doc > about ips > option and suricata) great. _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
