proxmox-mirrors/pve-firewall
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-firewall synced 2025-08-15 07:12:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
master
pve-firewall/debian/example
History
Alexandre Derumier c5e8b0088f compile ebtables rules 
-A FORWARD -j PVEFW-FORWARD
   -A PVEFW-FORWARD -p IPv4 -j ACCEPT  #filter mac in iptables for ipv4, so we can speedup rules with conntrack established
   -A PVEFW-FORWARD -p IPv6 -j ACCEPT
   -A PVEFW-FORWARD -o fwln+ -j PVEFW-FWBR-OUT
	-A PVEFW-FWBR-OUT -i tap110i0 -j tap110i0-OUT
		-A tap110i0-OUT -s ! 36:97:15:91:19:3c -j DROP
		-A tap110i0-OUT -p ARP -j ACCEPT
		-A tap110i0-OUT -j DROP
		-A tap110i0-OUT -j ACCEPT
	-A PVEFW-FWBR-OUT -i veth130.1 -j veth130.1-OUT
		-A veth130.1-OUT -s ! 36:95:a9:ae:f5:ec -j DROP
		-A veth130.1-OUT -j ACCEPT

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Tested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-03-28 11:35:06 +02:00
..
100.fw compile ebtables rules 2018-03-28 11:35:06 +02:00
cluster.fw add ipv6 examples 2014-11-04 11:05:13 +01:00
host.fw change rule format: use named parameters 2014-05-19 07:53:00 +02:00