ebtables IP - MAC restriction

[BelCloud]

Hello

Considering ebtables has been addded to proxmox, what options do we have to restrict an IP to specific IPs. Does the 5.2 version have any API option to update the ebtables for a specific VM interface?
Is there any way to use the "ipfilter" option to block everything if IP does not match the MAC?

Thank you

 

[wbumiller]

The ebtables support is currently mostly a backend change and some improvements are still planned. Eg. you currently cannot add custom rules and due to the way the command line tools work it doesn't currently integrate well with manually managed rules (but we'll work on that).
As for the ipfilter - not yet. Note that it would only affect IPv4 here anyway since IPv6 doesn't use ARP but rather does discovery via ICMP (iow. on the IP layer). So currently ebtables only handles mac filtering.
Essentially there are 2 more changes planned for the ipfilter very soon, the more important one is reordering connection tracking and ip filtering so incoming connections don't get accepted via conntrack too early. The other is adding it to ebtables to handle the ARP traffic. Both are required for that to be fully functional.

 

[BelCloud]

Thank you very much for the answer.

 

[demonmaestro]

Sorry to be a necro for this thread. But has this been added? I've been looking for this feature