12 Commits

Author SHA1 Message Date
Alexandre Derumier
c5e8b0088f compile ebtables rules
-A FORWARD -j PVEFW-FORWARD
   -A PVEFW-FORWARD -p IPv4 -j ACCEPT  #filter mac in iptables for ipv4, so we can speed up rules with conntrack established
   -A PVEFW-FORWARD -p IPv6 -j ACCEPT
   -A PVEFW-FORWARD -o fwln+ -j PVEFW-FWBR-OUT
	-A PVEFW-FWBR-OUT -i tap110i0 -j tap110i0-OUT
		-A tap110i0-OUT -s ! 36:97:15:91:19:3c -j DROP
		-A tap110i0-OUT -p ARP -j ACCEPT
		-A tap110i0-OUT -j DROP
		-A tap110i0-OUT -j ACCEPT
	-A PVEFW-FWBR-OUT -i veth130.1 -j veth130.1-OUT
		-A veth130.1-OUT -s ! 36:95:a9:ae:f5:ec -j DROP
		-A veth130.1-OUT -j ACCEPT

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Tested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-03-28 11:35:06 +02:00
Alexandre Derumier
a2dbb47b4c add ipv6 examples
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2014-11-04 11:05:13 +01:00
Dietmar Maurer
d562837827 add example for ipfilter ipset 2014-06-12 08:36:05 +02:00
Dietmar Maurer
dba740a9c7 change rule format: use named parameters 2014-05-19 07:53:00 +02:00
Dietmar Maurer
8b41cf53e2 fix blacklist example 2014-05-15 12:17:53 +02:00
Alexandre Derumier
ffc0453b7e fix interface in rules for host-in and host-out
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2014-05-14 14:49:04 +02:00
Alexandre Derumier
c50a5a6886 remove optimize option
new model is already optimized, no need to have tricks now

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2014-05-14 12:36:55 +02:00
Dietmar Maurer
fb8f4a70bb remove allow_bridge_route setting
Not needed for new network model with additional bridge.
2014-05-06 11:12:21 +02:00
Alexandre Derumier
88733a748c add global ipset blacklist
this is a predefined ipset == blacklist,

which blocks IPs at the beginning of PVE-FORWARD.

(useful in case of DDoS attack)

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2014-04-23 11:16:24 +02:00
Dietmar Maurer
44be8ceb18 code cleanup
Define $ip_alias_name to make it easier to read the code.
2014-04-22 08:32:44 +02:00
Alexandre Derumier
92e1209bfb add aliases feature
this allows defining IP and network aliases,

which can be used in vm/group rules and also ipset

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2014-04-22 07:49:09 +02:00
Dietmar Maurer
bce209cf6a add README and example to debian package 2014-04-18 10:50:15 +02:00