[pve-devel] [PATCH 2/2] bridge rules : -j ACCEPT for physical interfaces
Dietmar Maurer
dietmar at proxmox.com
Tue Feb 25 16:55:51 CET 2014
> I see 3 cases:
>
> ethX->tap-in :
> --------------
> incoming ethX is not firewall
> tap-in do the ACCEPT
>
> tap out->tap in :
> ----------------
> tap-out do the RETURN
> tap-in do the ACCEPT
>
> tap out->ethX :
> ---------------
> tap-out do the RETURN,
> so we need an accept for ethX
What about this case:
ethX->unmanaged-tap :
--------------
incoming ethX is not firewall
outgoing tap is not managed by our firewall
More information about the pve-devel
mailing list