[pve-devel] pvefw: using ctmark to associacte connections to VMs

[Dietmar Maurer]

> It's possible with ipset, to dynamicaly add to ipset ipmap, an src ip from a
> iptables match
> 
> 
> "iptables -m mac --mac-source $macaddr -j SET --add-set tapxxxipmap src"
> 
> 
> 
> So, maybe is it possible to create 1 ipset ipmap by tap device, and in tap-out
> chain, add src(s) to tap ipset.
> 
> Like this, we can have the list of all ips of all tap interfaces.

Oh, interesting idea! I guess we can try/test that after adding ipset support.