[pve-devel] smurfs filter question
Dietmar Maurer
dietmar at proxmox.com
Fri May 9 12:37:47 CEST 2014
current setup example:
PVEFW-FORWARD (PWr857P4rPwHEhsbPd76p/1y4oQ)
-A PVEFW-FORWARD -i venet0 -s 192.168.3.104 -j venet0-104-OUT
-A PVEFW-FORWARD -m conntrack --ctstate INVALID -j DROP
-A PVEFW-FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A PVEFW-FORWARD -m physdev --physdev-in link+ -j PVEFW-FWBR-IN
-A PVEFW-FORWARD -m physdev --physdev-is-bridged --physdev-out link+ -j PVEFW-FWBR-OUT
-A PVEFW-FORWARD -o venet0 -d 192.168.3.104 -j venet0-104-IN
PVEFW-FWBR-IN (VF8Azewm8fpGKgFCgJSVok+w8yo)
-A PVEFW-FWBR-IN -m conntrack --ctstate INVALID,NEW -j PVEFW-smurfs
-A PVEFW-FWBR-IN -p tcp -j PVEFW-tcpflags
-A PVEFW-FWBR-IN -m physdev --physdev-is-bridged --physdev-out tap100i0 -j tap100i0-IN
Looks like PVEFW-smurfs is never called for packets to openvz containers (venet0)?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20140509/20d67667/attachment.htm>
More information about the pve-devel
mailing list