[pve-devel] RFC : iptables implementation

Dietmar Maurer dietmar at proxmox.com
Fri Jan 24 06:50:13 CET 2014


> >>But they test everything twice that way?
> 
> Yes, I don't known why.
> maybe they want to be sure that tap to tap filtering is done only on known tap
> interfaces with firewall enable ?

Yes, I think so.

But one could avoid double checks by using '-j cleaup-chain' instead of 
using RETURN in tab-xxx chains?


More information about the pve-devel mailing list