[pve-devel] optimize non-firewalled vms rules with devgroup
Dietmar Maurer
dietmar at proxmox.com
Sat Apr 26 11:29:05 CEST 2014
>
> So, at begin of vmbrxxx, we just need to add:
>
>
> -A vmbrxxx-IN -m devgroup --src-group name NOFWTAPS -j ACCEPT
> -A vmbrxxx-OUT -m devgroup --src-group name NOFWTAPS -g PVEFW-SET-
> ACCEPT-MARK
>
>
>
> (I don't have tested it yet)
>
>
> What do you think about it ?
This is just an optimization? If so, feel free to add after testing.
More information about the pve-devel
mailing list