git.proxmox.com Git - pve-firewall.git/commit - debian/example/100.fw
compile ebtables rules
author Alexandre Derumier <aderumier@odiso.com>
Wed, 28 Mar 2018 08:53:28 +0000 (10:53 +0200)
committer Thomas Lamprecht <t.lamprecht@proxmox.com>
Wed, 28 Mar 2018 09:35:06 +0000 (11:35 +0200)
commit c5e8b0088f2f51897b8b22a587c091e4e5bf3251
tree b64880b0409801911c5f0006e3eb4f7c449bd2e9
parent d50f24ea6dc1109d1f8c095f2d048cdba41f9696
compile ebtables rules

-A FORWARD -j PVEFW-FORWARD
   -A PVEFW-FORWARD -p IPv4 -j ACCEPT  #filter mac in iptables for ipv4, so we can speedup rules with conntrack established
   -A PVEFW-FORWARD -p IPv6 -j ACCEPT
   -A PVEFW-FORWARD -o fwln+ -j PVEFW-FWBR-OUT
-A PVEFW-FWBR-OUT -i tap110i0 -j tap110i0-OUT
-A tap110i0-OUT -s ! 36:97:15:91:19:3c -j DROP
-A tap110i0-OUT -p ARP -j ACCEPT
-A tap110i0-OUT -j DROP
-A tap110i0-OUT -j ACCEPT
-A PVEFW-FWBR-OUT -i veth130.1 -j veth130.1-OUT
-A veth130.1-OUT -s ! 36:95:a9:ae:f5:ec -j DROP
-A veth130.1-OUT -j ACCEPT

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Tested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
debian/example/100.fw
src/PVE/Firewall.pm
src/PVE/Service/pve_firewall.pm