proxmox-mirrors/pve-docs
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-docs synced 2025-04-29 10:40:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

pvesdn: add note to port isolation to use firewall in clusters

Browse Source 
since port isolation is only local on the host. To get better port
isolation, the VNET firewall can be used.

Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
This commit is contained in:
Aaron Lauterer 2024-11-20 13:02:04 +01:00 committed by Thomas Lamprecht
parent e3818925ad
commit b074964d6f
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pvesdn.adoc
View File

@ -388,6 +388,10 @@ but not for the interface itself. This means guests can only send traffic to
non-isolated bridge-ports, which is the bridge itself. In order for this setting
to take effect, you need to restart the affected guest.
NOTE: Port isolation is local to each host. Use the
xref:pvesdn_firewall_integration[VNET Firewall] to further isolate traffic in
the VNET across nodes. For example, DROP by default and only allow traffic from
the IP subnet to the gateway and the vice versa.
[[pvesdn_config_subnet]]
Subnets