[pve-devel] RFC : iptables implementation

[Dietmar Maurer]

> >>I am not sure if that model correctly handle traffic form one VM to another
> (traffic from VM1 to VM2)?
> >>Because you would need to apply out rules for VM1, the in rules for VM2.
> >>Does that work - if so how?
> 
> Well, is like to have 2vms behind 2 firewalls.

OK, so I just believe you that this will work ;-) 
(I just wonder why shorewall need those forwarding chains if it work without)

Next step would be to write a prototype to show that it actually works.