[pve-devel] [PATCH 7/8] use --physdev-is-bridged for --physdev-out
Alexandre Derumier
aderumier at odiso.com
Wed Apr 30 10:56:36 CEST 2014
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
src/PVE/Firewall.pm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 302db30..f2db87a 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1619,7 +1619,7 @@ sub generate_tap_rules_direction {
# plug the tap chain to bridge chain
if ($direction eq 'IN') {
ruleset_addrule($ruleset, "PVEFW-FWBR-IN",
- "-m physdev --physdev-out $iface -j $tapchain");
+ "-m physdev --physdev-is-bridged --physdev-out $iface -j $tapchain");
} else {
ruleset_addrule($ruleset, "PVEFW-FWBR-OUT",
"-m physdev --physdev-in $iface -j $tapchain");
@@ -2614,7 +2614,7 @@ sub compile {
if (!ruleset_chain_exist($ruleset, "PVEFW-FWBR-OUT")) {
ruleset_create_chain($ruleset, "PVEFW-FWBR-OUT");
- ruleset_addrule($ruleset, "PVEFW-FORWARD", "-m physdev --physdev-out veth+ -j PVEFW-FWBR-OUT");
+ ruleset_addrule($ruleset, "PVEFW-FORWARD", "-m physdev --physdev-is-bridged --physdev-out veth+ -j PVEFW-FWBR-OUT");
}
generate_std_chains($ruleset, $hostfw_options);
--
1.7.10.4
More information about the pve-devel
mailing list