> >>About your patches, iptables-restore hanging here for me: > >> > >>-A tap110i0-IN -m mark --mark 1 -g vmbr1-IN > >> > >>any idea ? (settings mark in other chains works fine) > > Oh, I think it's doing a loop, it should go to vmbr1-OUT > > -A tap110i0-IN -m mark --mark 1 -g vmbr1-OUT What (can you send a diff)?