DigitalDaz
09-08-2010, 20:31
Yep, got it, thanks guys.
A question for our Proxmox guru :)
Myatu
09-08-2010, 19:54
I've extended the original blog for the Shorewall Firewall / Proxmox: http://www.myatus.co.uk/2010/03/20/g...ending-its-us/
Scroll down to the "Mixed use and bridging" section, "Policy Warnings" paragraph. You can effectively block traffic to a VM running on its own IP/(Virtual) MAC with this (and then have special rules for things that are allowed, of course).
Shorewall is iptables-based, so essentially you can achieve the same by doing a DROP on the FORWARD chain, then opening just whatever you need.
Scroll down to the "Mixed use and bridging" section, "Policy Warnings" paragraph. You can effectively block traffic to a VM running on its own IP/(Virtual) MAC with this (and then have special rules for things that are allowed, of course).
Shorewall is iptables-based, so essentially you can achieve the same by doing a DROP on the FORWARD chain, then opening just whatever you need.
ictdude
09-08-2010, 19:32
Originally Posted by DigitalDaz
DigitalDaz
09-08-2010, 18:04
When we use virtual macs on openvz containers are we no longer able to firewall on the Proxmox host?
I know we can use iptables on the containers but I want to allow some external users access to containers but I would really like to block certain kinds of traffic.
TIA
I know we can use iptables on the containers but I want to allow some external users access to containers but I would really like to block certain kinds of traffic.
TIA