I know it has been asked multiple times (I’ve found results both in English and in German), but I was wondering if the bridge port isolation on Linux was something being considered for the roadmap, since it is already available on Linux:
I am interested in policing the intra-broadcast domain traffic in a network.
I already know there is the SDN feature (that I’m going to try soon!) and the Proxmox firewall capability, but I’m scared that L2 traffic may pass anyway (and it is yet another place to write policies in): having the bridge port isolation at Layer 2 may allow me to use a central firewall for managing the rules.
Writing some of the rules on the main firewall and some in the Proxmox firewall would be error-prone and time-consuming (if I’m not doing it wrong, anyway).
Now, I understand my question is probably wrong and I totally agree that a distributed firewall at the hypervisor level is both more scalable and performant, but I feel I’m unable to use the Proxmox firewall as I should/want.
Also, is there a date for when the SDN feature will be formally released as stable?