[pve-devel] [PATCH 2/2] bridge rules : -j ACCEPT for physical interfaces
Alexandre DERUMIER
aderumier at odiso.com
Thu Feb 27 12:33:21 CET 2014
>>So inside FORWARD, both --physdev-is-in and --physdev-is-out are always true (if --physdev-is-bridged is set)?
Yes. (I checked all my logs, I always see both, and that makes sense as we forward a packet from one interface to another interface)
----- Original Message -----
From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Sent: Thursday, 27 February 2014 12:15:45
Subject: RE: [pve-devel] [PATCH 2/2] bridge rules : -j ACCEPT for physical interfaces
> -----Original Message-----
> From: Alexandre DERUMIER [mailto:aderumier at odiso.com]
> Sent: Thursday, 27 February 2014 12:06
> To: Dietmar Maurer
> Cc: pve-devel at pve.proxmox.com
> Subject: Re: [pve-devel] [PATCH 2/2] bridge rules : -j ACCEPT for physical
> interfaces
>
> >>That would accept packages where --physdev-is-out is not set (can that happen?)?
>
> I don't think it can happen in FORWARD.
>
> but it's possible in INPUT or OUTPUT (host -> physin(tap,eth..) ,
> physout(tap,eth)->host)
So inside FORWARD, both --physdev-is-in and --physdev-is-out are always true (if --physdev-is-bridged is set)?