PVEFW-DropBroadcast apply to VM ?

[jmjosebest]

Hello, the PVEFW-DropBroadcast rules apply to every VM/CT or only to the host node?

Chain PVEFW-DropBroadcast (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
DROP       all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
DROP       all  --  anywhere             anywhere             ADDRTYPE match dst-type ANYCAST
DROP       all  --  anywhere             base-address.mcast.net/4
           all  --  anywhere             anywhere             /* PVESIG:NyjHNAt---Hy4w */

Because I want to prevent VMs to send or receive BC, MC and AC traffic, but I dont see any option how to configure it.

Thanks!

 

[shanreich]

This rule gets applied whenever traffic is dropped (or rejected) at host and VM/CT level.
So if you do not explicitly allow the traffic in some form (via an ACCEPT rule) and have drop or reject as default policy then this should apply to all traffic.