Stefan Hanreich 3500a8d833 guest out: fix handling ARP traffic with default block/reject policy
In order to be able to send outgoing ARP packets when the default
policy is set to drop or reject, we need to explicitly allow ARP
traffic in the outgoing chain of guests. We need to do this in the
guest chain itself in order to be able to filter spoofed packets via
the MAC filter.

Contrary to the out direction we can simply accept all incoming ARP
traffic, since we do not do any MAC filtering for incoming traffic.
Since we create fdb entries for every NIC, guests should only see ARP
traffic for their MAC addresses anyway.

Originally-by: Laurent Guerby <laurent@guerby.net>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2024-05-21 15:40:27 +02:00
Name | Last commit | Date
.cargo | config: add proxmox-ve-config crate | 2024-04-18 21:43:45 +02:00
debian | bump version to 0.4.1 | 2024-04-26 17:22:28 +02:00
proxmox-firewall | guest out: fix handling ARP traffic with default block/reject policy | 2024-05-21 15:40:27 +02:00
proxmox-nftables | config: nftables: add support for icmp-type any | 2024-04-25 19:21:50 +02:00
proxmox-ve-config | config: nftables: add support for icmp-type any | 2024-04-25 19:21:50 +02:00
.gitignore | firewall: add integration test | 2024-04-18 21:47:21 +02:00
Cargo.toml | firewall: add firewall crate | 2024-04-18 21:46:28 +02:00
defines.mk | firewall: add files for debian packaging | 2024-04-18 21:47:11 +02:00
Makefile | buildsys: add upload target | 2024-04-18 22:03:10 +02:00