[pve-devel] [PATCH 2/2] bridge rules : -j ACCEPT for physical interfaces
Dietmar Maurer
dietmar at proxmox.com
Thu Feb 27 12:15:45 CET 2014
> -----Original Message-----
> From: Alexandre DERUMIER [mailto:aderumier at odiso.com]
> Sent: Thursday, 27 February 2014 12:06
> To: Dietmar Maurer
> Cc: pve-devel at pve.proxmox.com
> Subject: Re: [pve-devel] [PATCH 2/2] bridge rules : -j ACCEPT for physical
> interfaces
>
> >>That would accept packages where --physdev-is-out is not set (can that
> happen?)?
>
> I don't think it can happen in FORWARD.
>
> but it's possible in INPUT or OUTPUT (host -> physin(tap,eth..) ,
> physout(tap,eth)->host)

So inside FORWARD, both --physdev-is-in and --physdev-is-out are always true (if --physdev-is-bridged is set)?