pve-firewall

mirror of git://git.proxmox.com/git/pve-firewall.git synced 2025-01-23 02:04:19 +03:00

History

Alexandre Derumier c5e8b0088f compile ebtables rules

-A FORWARD -j PVEFW-FORWARD
   -A PVEFW-FORWARD -p IPv4 -j ACCEPT  #filter mac in iptables for ipv4, so we can speedup rules with conntrack established
   -A PVEFW-FORWARD -p IPv6 -j ACCEPT
   -A PVEFW-FORWARD -o fwln+ -j PVEFW-FWBR-OUT
	-A PVEFW-FWBR-OUT -i tap110i0 -j tap110i0-OUT
		-A tap110i0-OUT -s ! 36:97:15:91:19:3c -j DROP
		-A tap110i0-OUT -p ARP -j ACCEPT
		-A tap110i0-OUT -j DROP
		-A tap110i0-OUT -j ACCEPT
	-A PVEFW-FWBR-OUT -i veth130.1 -j veth130.1-OUT
		-A veth130.1-OUT -s ! 36:95:a9:ae:f5:ec -j DROP
		-A veth130.1-OUT -j ACCEPT

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Tested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

2018-03-28 11:35:06 +02:00

100.fw

compile ebtables rules

2018-03-28 11:35:06 +02:00

cluster.fw

add ipv6 examples

2014-11-04 11:05:13 +01:00

host.fw

change rule format: use named parameters

2014-05-19 07:53:00 +02:00