[pve-devel] pvefw: why do we check vmbr0-IN for INPUT
Alexandre DERUMIER
aderumier at odiso.com
Fri Feb 21 08:33:09 CET 2014
>>I am quit unsure about that. It is really difficult to understand that setup.
>>Maybe we can use the --state to simplify things?
Do you have an example ?
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Jeudi 20 Février 2014 19:31:43
Objet: RE: pvefw: why do we check vmbr0-IN for INPUT
> but after it's using tap chain...that's why it's go to vmbr0-IN. (I think it's
> doing nothing, but it's an overhead).
>
>
> Maybe can we manage special tap chain for these tap out->host rule ?
> We drop all by default, but maybe later we'll need to open something like
> dhcp, if we manage an dhcp server on proxmox host.
I am quit unsure about that. It is really difficult to understand that setup.
Maybe we can use the --state to simplify things?
More information about the pve-devel
mailing list