ebtables IP - MAC restriction

BelCloud

Hello

Considering ebtables has been added to Proxmox, what options do we have to restrict an IP to specific IPs? Does the 5.2 version have any API option to update the ebtables for a specific VM interface?
Is there any way to use the "ipfilter" option to block everything if IP does not match the MAC?

Thank you
 
The ebtables support is currently mostly a backend change and some improvements are still planned. E.g. you currently cannot add custom rules, and due to the way the command line tools work it doesn't currently integrate well with manually managed rules (but we'll work on that).
As for the ipfilter - not yet. Note that it would only affect IPv4 here anyway since IPv6 doesn't use ARP but rather does discovery via ICMP (iow. on the IP layer). So currently ebtables only handles MAC filtering.
Essentially there are 2 more changes planned for the ipfilter very soon, the more important one is reordering connection tracking and IP filtering so incoming connections don't get accepted via conntrack too early. The other is adding it to ebtables to handle the ARP traffic. Both are required for that to be fully functional.
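
For reference, an added sketch (not part of the thread and not Proxmox code) of what an IPv4/MAC binding that also covers ARP looks like in plain ebtables. It only prints the commands for review, since the reply above notes that manually managed rules do not integrate well with the Proxmox-managed ones. The interface name `tap100i0`, the MAC and the address `192.0.2.10` are constructed placeholders, and a statically addressed IPv4 guest is assumed: IPv6 and DHCP frames from that port fall through to the chain's DROP policy.

```shell
#!/bin/sh
# Added example: generate ebtables rules that bind one bridge port to a single
# MAC/IPv4 pair, for both IPv4 frames and ARP. Nothing is applied to the host.

valid_iface() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9_.-]{1,15}$'
}

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules IFACE MAC IPV4 -> prints four ebtables commands, or fails on bad input
gen_rules() {
    iface=$1 mac=$2 ip=$3
    valid_iface "$iface" || { echo "bad interface: $iface" >&2; return 1; }
    valid_mac "$mac"     || { echo "bad MAC: $mac" >&2; return 1; }
    valid_ipv4 "$ip"     || { echo "bad IPv4: $ip" >&2; return 1; }
    chain="GUARD-$iface"           # hypothetical chain name, under the 31-char limit
    cat <<EOF
ebtables -N $chain -P DROP
ebtables -A FORWARD -i $iface -j $chain
ebtables -A $chain -s $mac -p IPv4 --ip-src $ip -j ACCEPT
ebtables -A $chain -s $mac -p ARP --arp-mac-src $mac --arp-ip-src $ip -j ACCEPT
EOF
}

# Constructed sample values: frames entering the bridge from this port pass only
# if the Ethernet source, the IPv4 source and the ARP sender fields all match.
gen_rules tap100i0 02:00:00:aa:bb:cc 192.0.2.10
```

The ARP rule matters because a guest with the correct Ethernet source address could otherwise still claim another host's IPv4 address in the ARP sender fields.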
 
