[pve-devel] [PATCH] add ips feature v2
Dietmar Maurer
dietmar at proxmox.com
Mon Mar 17 12:51:04 CET 2014
Please ignore me - I need some more time to review the patch.
> -----Original Message-----
> From: pve-devel [mailto:pve-devel-bounces at pve.proxmox.com] On Behalf
> Of Dietmar Maurer
> Sent: Monday, 17 March 2014 12:48
> To: Alexandre Derumier; pve-devel at pve.proxmox.com
> Subject: Re: [pve-devel] [PATCH] add ips feature v2
>
> > # fixme: this is an optimization? if so, we should also drop
> > INVALID packages?
> > - ruleset_insertrule($ruleset, "PVEFW-FORWARD", "-m conntrack --
> ctstate
> > RELATED,ESTABLISHED -j ACCEPT");
> > -
> > + ruleset_insertrule($ruleset, "PVEFW-FORWARD", "-m conntrack
> > + --ctstate RELATED,ESTABLISHED -j PVEFW-Accept");
>
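Review bot: the replacement rule in PVEFW-FORWARD sends every RELATED,ESTABLISHED packet to PVEFW-Accept, but nothing in this hunk shows what that chain does or how it tells VMs with IPS enabled apart from those without. The thread itself notes that a verdict taken at the beginning of forward applies to all VMs, so the per-VM decision has to live inside PVEFW-Accept; please state that in a comment next to the rule. The "fixme: this is an optimization?" comment above it should also be updated or removed, since the rule is no longer a plain ACCEPT shortcut, and its open question about dropping INVALID packets is still unanswered by this change.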
> Confused now. You just explained that this does not work in the previous
> mail?
>
> >>If we ACCEPT at begin of forward, we bypass ip.
> >>and we jump to NFQUEUE at begin of forward, we are going to ips for
> >>all vms (I want to enable it by vm)
>
>