Re: [pve-devel] [PATCH] disable / filter dhcp traffic if dhcp is disabled

Stefan Priebe - Profihost AG Thu, 03 Jul 2014 22:47:52 -0700

Ok bad idea.

What I want to archieve is that even when all policies are set to enabled I 
want to have a highly isolated network for the vms. No broadcast or multicast 
should leave the vm. Only layer3 stuff.


Stefan

Excuse my typo sent from my mobile phone.

> Am 04.07.2014 um 05:58 schrieb Dietmar Maurer <diet...@proxmox.com>:
> 
> This is not how it works on shorewall, so I am not sure if we need this. why?l
> 
>> -----Original Message-----
>> From: pve-devel [mailto:pve-devel-boun...@pve.proxmox.com] On Behalf Of
>> Stefan Priebe
>> Sent: Donnerstag, 03. Juli 2014 23:38
>> To: pve-devel@pve.proxmox.com
>> Subject: [pve-devel] [PATCH] disable / filter dhcp traffic if dhcp is 
>> disabled
>> 
>> 
>> Signed-off-by: Stefan Priebe <s.pri...@profihost.ag>
>> ---
>> src/PVE/Firewall.pm |    8 ++++++++
>> 1 file changed, 8 insertions(+)
>> 
>> diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index 27cf1e6..615f233
>> 100644
>> --- a/src/PVE/Firewall.pm
>> +++ b/src/PVE/Firewall.pm
>> @@ -1643,6 +1643,14 @@ sub ruleset_create_vm_chain {
>>        ruleset_generate_rule($ruleset, $chain, { action => 'ACCEPT',
>>                              proto => 'udp', sport => 67,
>> dport => 68 });
>>    }
>> +    } else {
>> +    if ($direction eq 'OUT') {
>> +        ruleset_generate_rule($ruleset, $chain, { action => 'DROP',
>> +                              proto => 'udp', sport => 68,
>> dport => 67 });
>> +    } else {
>> +        ruleset_generate_rule($ruleset, $chain, { action => 'DROP',
>> +                              proto => 'udp', sport => 67,
>> dport => 68 });
>> +    }
>>     }
>> 
>>     if ($direction eq 'OUT') {
>> --
>> 1.7.10.4
>> 
>> _______________________________________________
>> pve-devel mailing list
>> pve-devel@pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
>

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH] disable / filter dhcp traffic if dhcp is disabled

Reply via email to