[pve-devel] [PATCH 1/4] bypass firewall for non firewall bridges
Alexandre DERUMIER
aderumier at odiso.com
Fri May 9 11:27:02 CEST 2014
maybe better :
before
------
-A FORWARD -j PVEFW-FORWARD
-A PVEFW-FORWARD ! -i fwbr+ -j ACCEPT
after
-----
-A FORWARD -i fwbr+ -j PVEFW-FORWARD
----- Original message -----
From: "Alexandre DERUMIER" <aderumier at odiso.com>
To: "Dietmar Maurer" <dietmar at proxmox.com>
Cc: pve-devel at pve.proxmox.com
Sent: Friday, 9 May 2014 11:24:07
Subject: Re: [pve-devel] [PATCH 1/4] bypass firewall for non firewall bridges
>>wouldn't it be better to use RETURN to minimize impact on existing rules?
Do you mean existing rules from users manually defined with iptables directly?
I think we can do it indeed.
----- Original message -----
From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre Derumier" <aderumier at odiso.com>, pve-devel at pve.proxmox.com
Sent: Friday, 9 May 2014 10:50:43
Subject: RE: [pve-devel] [PATCH 1/4] bypass firewall for non firewall bridges
> ruleset_create_chain($ruleset, "PVEFW-FORWARD");
> + #bypass firewall for non firewalled bridge
> + ruleset_addrule($ruleset, "PVEFW-FORWARD", "! -i fwbr+ -j ACCEPT");
> +
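Review bot: the "-j ACCEPT" on the added "! -i fwbr+" rule is a terminal verdict, so every forwarded packet that did not arrive on a fwbr interface is accepted inside PVEFW-FORWARD and never reaches any rule that follows the jump in the calling chain. Using "! -i fwbr+ -j RETURN" here, or matching "-i fwbr+" on the jump into PVEFW-FORWARD, keeps the bypass without overriding those later rules. The comment should also say that the test is on the input interface only, since "non firewalled bridge" does not make that obvious.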
wouldn't it be better to use RETURN to minimize impact on existing rules?
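The three variants discussed in this thread (ACCEPT inside PVEFW-FORWARD, RETURN inside PVEFW-FORWARD, and "-i fwbr+" on the jump itself) can be compared with a small traversal model. This is an added example, not code from the patch or from Proxmox; the hand-added eth1 DROP rule, the catch-all DROP standing in for the rest of PVEFW-FORWARD, and the interface names are constructed assumptions.

```python
# Toy model of iptables filter-table traversal, keyed on input interface only.
# Rules are (in_iface_match, target); None matches every packet.

def matches(match, iface):
    if match is None:
        return True
    negate = match.startswith("!")
    pat = match.lstrip("!")
    # A trailing "+" is the iptables wildcard: any interface with that prefix.
    hit = iface.startswith(pat[:-1]) if pat.endswith("+") else iface == pat
    return hit != negate

def traverse(chains, chain, iface, trace):
    """Return a terminal verdict, or None when the chain ends or RETURNs."""
    for match, target in chains[chain]:
        if not matches(match, iface):
            continue
        trace.append(f"{chain}: {target}")
        if target in ("ACCEPT", "DROP"):
            return target
        if target == "RETURN":
            return None
        verdict = traverse(chains, target, iface, trace)
        if verdict:
            return verdict
    return None

def build(variant):
    """Rulesets from the thread, plus constructed rules marked below."""
    admin_rule = ("eth1", "DROP")   # constructed: a rule an admin added by hand
    pve_rest = (None, "DROP")       # constructed stand-in for the rest of PVEFW-FORWARD
    if variant == "jump":           # -A FORWARD -i fwbr+ -j PVEFW-FORWARD
        return {"FORWARD": [("fwbr+", "PVEFW-FORWARD"), admin_rule],
                "PVEFW-FORWARD": [pve_rest]}
    bypass = ("!fwbr+", "ACCEPT" if variant == "accept" else "RETURN")
    return {"FORWARD": [(None, "PVEFW-FORWARD"), admin_rule],
            "PVEFW-FORWARD": [bypass, pve_rest]}

def forward_verdict(variant, iface, policy="ACCEPT"):
    trace = []
    verdict = traverse(build(variant), "FORWARD", iface, trace) or policy
    return verdict, trace

if __name__ == "__main__":
    for variant in ("accept", "return", "jump"):
        for iface in ("eth1", "fwbr100i0"):   # constructed interface names
            print(variant, iface, *forward_verdict(variant, iface))
```

Only the ACCEPT variant lets the eth1 packet skip the hand-added rule; RETURN and the conditional jump both leave it in effect, and the conditional jump never enters PVEFW-FORWARD for that packet.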