Hi all, with the new vzctl bridge patch sent yesterday it is easy to build up hosts with complex 'virtual' networks. In Proxmox VE we have 9 bridges - each CT can connect to one or more bridges.
I guess in theory it is possible to run a fully functional firewall inside a CT. Does somebody has experiences with that? Also, when you assign ip addresses to the bridges, the host routes between those bridges. If you want to restrict traffic you need to setup a firewall on the host. I just tried shorewall, and it seems to work perfectly. Does somebody else using shorewall with openvz host? - does it work reliable? Are there other 'simple' solutions besides shorewall? - Dietmar _______________________________________________ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
