[pve-devel] pve-firewall : iptables V2

[Alexandre DERUMIER]

OK, but where do you remove stale tap chains? (if someone removes a network device from the VM)

if the vm in online,just call flush_tap_rules($net,$netid,$vmid) in tap_unplug?

and if the vm is shutdown, the tap chain is already removed on vm_stop.




----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Jeudi 13 Février 2014 17:56:18 
Objet: RE: [pve-devel] pve-firewall : iptables V2 

> It's mainly to not add a rule twice,mainly in bridge chains or other parent chains. 
> But never in a tap chain. 

OK, but where do you remove stale tap chains? (if someone removes a network device from the VM)