Fixed virtual machine connexion error
dpiquet committed Jun 13, 2013
1 parent 4820453 commit ca047d9
Showing 1 changed file with 10 additions and 7 deletions.
17 changes: 10 additions & 7 deletions pve-firewall
@@ -100,11 +100,11 @@ if [ ! -r $CONF_DIR/$HYPERVISOR_CONF_FILENAME ]; then
fi

# Load user defined macros
#if [ -r $CONF_DIR/$MACROS_FILENAME ]; then
# source $CONF_DIR/$MACROS_FILENAME
#else
# ERR_MSG "WARNING: Cannot find $CONF_DIR/$MACROS_FILENAME !"
#fi
if [ -r $CONF_DIR/$MACROS_FILENAME ]; then
source $CONF_DIR/$MACROS_FILENAME
else
ERR_MSG "WARNING: Cannot find $CONF_DIR/$MACROS_FILENAME !"
fi

# Apply user defined bridged vm rules
function APPLY_BRIDGED_VM_RULES {
@@ -189,6 +189,9 @@ function APPLY_VM_COMMON_RULES {
# Immediatly accept opened sessions
$IPTABLES --table filter --append FORWARD -m conntrack --ctstate RELATED,ESTABLISHED --jump ACCEPT

# Allow initiating out traffic
$IPTABLES --table filter --append FORWARD -m physdev --physdev-in veth+ --jump ACCEPT

######################################
# DROP STRANGE PACKETS
######################################
@@ -216,7 +219,7 @@ function APPLY_VM_COMMON_RULES {
fi

# New connections (TCP, UDP, ICMP, ...) go to COMMON_VM_CHAIN
$IPTABLES --table filter --append FORWARD -m conntrack --ctstate NEW --jump $COMMON_VM_CHAIN
$IPTABLES --table filter --append FORWARD -m conntrack --ctstate NEW --jump $VM_CHAIN

# Call common bridged vm rules
source $CONF_DIR/$COMMON_BRIDGED_CONF_FILENAME
@@ -539,8 +542,8 @@ function DO_START {
RESET_FW
INIT_FW
APPLY_HYPERVISOR_RULES
APPLY_VM_COMMON_RULES
APPLY_BRIDGED_VM_RULES
APPLY_VM_COMMON_RULES
MODE_DROP
}

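Review bot: The new `--physdev-in veth+ --jump ACCEPT` rule in APPLY_VM_COMMON_RULES is appended to FORWARD ahead of the "DROP STRANGE PACKETS" block and the `--ctstate NEW` jump, so any packet entering the bridge from a veth port is accepted before those rules are evaluated. Assuming veth+ matches the guest-side interfaces, that covers malformed packets from a guest and guest-to-guest traffic on the same bridge, not only outbound connections. If the goal is just to let guests initiate outbound traffic, I would move the rule below the strange-packet drops and narrow it, for example `$IPTABLES --table filter --append FORWARD -m physdev --physdev-in veth+ --physdev-out <UPLINK_PORT> -m conntrack --ctstate NEW --jump ACCEPT` (placeholder for the bridge's uplink port). A comment such as `# Guests may open connections towards the uplink only; guest-to-guest traffic still goes through the per-VM chains` would record the intent. The function body starts and ends outside the hunks shown, so the final rule order should be checked against the full file.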
