Hello,
I have the Proxmox firewall enabled cluster / server wide:
1/ I am looking at enabling some form of basic MAC address spoof protection. I have had a look at what other solutions use (which is ebtables); is this the best method to use with Proxmox, or is there a way I can make use of the Proxmox Firewall?
2/ I have noticed a lot of broadcast / multicast traffic between VMs coming from the shared bridge. Again, it seems other solutions are making use of ebtables; is there a better way to do this within the Proxmox Firewall, or should I stick to ebtables?
An example of another solution's method:
Bridge chain: kvm248.0, entries: 6, policy: DROP
-p IPv4 --ip-proto udp --ip-sport 67:68 -j ACCEPT
-p IPv4 --ip-proto udp --ip-dport 67:68 -j ACCEPT
-p ARP --arp-op Request -j ACCEPT
-p IPv4 --ip-src ***.***.***.25 -j ACCEPT
-p IPv4 --ip-dst ***.***.***.25 -j ACCEPT
-p ARP --arp-op Reply --arp-ip-src ***.***.***.25 -j ACCEPT