[pve-devel] pvefw: using ctmark to associacte connections to VMs
Dietmar Maurer
dietmar at proxmox.com
Sun Mar 2 09:07:19 CET 2014
Thanks for that link.
Bu t i just noticed that we need 2 different marks, because we can traffic
from VM1 to VM2. So we need 2 marks/zones?
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5
> d0aa2ccd4699a01cfdf14886191c249d7b45a01
>
> netfilter: nf_conntrack: add support for "conntrack zones"
> Normally, each connection needs a unique identity. Conntrack zones allow
> to specify a numerical zone using the CT target, connections in different
> zones can use the same identity.
More information about the pve-devel
mailing list