[pve-devel] [PATCH 1/2] use RETURN instead ACCEPT for tap-out rules
Alexandre Derumier
aderumier at odiso.com
Tue Feb 25 13:24:06 CET 2014
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
PVE/Firewall.pm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index a19505a..ea24cfb 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -684,10 +684,10 @@ sub generate_tap_rules_direction {
generate_group_rules($ruleset, $group_rules, $2);
}
ruleset_generate_rule($ruleset, $tapchain, $rule);
- ruleset_addrule($ruleset, $tapchain, "-m mark --mark 1 -g $bridge-IN")
+ ruleset_addrule($ruleset, $tapchain, "-m mark --mark 1 -j RETURN")
if $direction eq 'OUT';
} else {
- $rule->{action} = "$bridge-IN" if $rule->{action} eq 'ACCEPT' && $direction eq 'OUT';
+ $rule->{action} = "RETURN" if $rule->{action} eq 'ACCEPT' && $direction eq 'OUT';
ruleset_generate_rule($ruleset, $tapchain, $rule);
}
}
--
1.7.10.4
More information about the pve-devel
mailing list