[pve-devel] pve-firewall : iptables V2
Dietmar Maurer
dietmar at proxmox.com
Fri Feb 14 17:14:01 CET 2014
> you should also add theses chains to clear all
>
> vmbrx-IN
> vmbrx-OUT
> GROUP-xxx
OK
> >>Does that makes sense?
> Yes.
>
> But how do you remove stale chain ?
> (like a stale tap chain, because of a vm crash for example)
Oh, I do not care about crashed VM (why?).
My idea was that we simply compute the whole set of chains we need.
Then we compare that with the current ruleset, and only apply the diff (and
remove rules which are no longer needed).
More information about the pve-devel
mailing list