[pve-devel] smurfs filter question

Dietmar Maurer dietmar at proxmox.com
Fri May 9 12:37:47 CEST 2014


current setup example:

PVEFW-FORWARD (PWr857P4rPwHEhsbPd76p/1y4oQ)
                -A PVEFW-FORWARD -i venet0 -s 192.168.3.104 -j venet0-104-OUT
                -A PVEFW-FORWARD -m conntrack --ctstate INVALID -j DROP
                -A PVEFW-FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
                -A PVEFW-FORWARD -m physdev --physdev-in link+ -j PVEFW-FWBR-IN
                -A PVEFW-FORWARD -m physdev --physdev-is-bridged --physdev-out link+ -j PVEFW-FWBR-OUT
                -A PVEFW-FORWARD -o venet0 -d 192.168.3.104 -j venet0-104-IN
PVEFW-FWBR-IN (VF8Azewm8fpGKgFCgJSVok+w8yo)
                -A PVEFW-FWBR-IN -m conntrack --ctstate INVALID,NEW -j PVEFW-smurfs
                -A PVEFW-FWBR-IN -p tcp -j PVEFW-tcpflags
                -A PVEFW-FWBR-IN -m physdev --physdev-is-bridged --physdev-out tap100i0 -j tap100i0-IN

Looks like PVEFW-smurfs is never called for packets to openvz containers (venet0)?
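
An added example, not part of the original message: a short Python check that builds the jump graph from the rules quoted above and lists the match conditions on every path from PVEFW-FORWARD to PVEFW-smurfs. It assumes the chains whose bodies are not shown (venet0-104-IN, venet0-104-OUT, tap100i0-IN, PVEFW-tcpflags) contain no further jumps, and it ignores earlier terminating rules in a chain.

```python
import shlex

# Rules copied from the message above. Chains whose bodies are not shown
# there are treated as leaves (assumption: they contain no further jumps).
RULES = """\
-A PVEFW-FORWARD -i venet0 -s 192.168.3.104 -j venet0-104-OUT
-A PVEFW-FORWARD -m conntrack --ctstate INVALID -j DROP
-A PVEFW-FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A PVEFW-FORWARD -m physdev --physdev-in link+ -j PVEFW-FWBR-IN
-A PVEFW-FORWARD -m physdev --physdev-is-bridged --physdev-out link+ -j PVEFW-FWBR-OUT
-A PVEFW-FORWARD -o venet0 -d 192.168.3.104 -j venet0-104-IN
-A PVEFW-FWBR-IN -m conntrack --ctstate INVALID,NEW -j PVEFW-smurfs
-A PVEFW-FWBR-IN -p tcp -j PVEFW-tcpflags
-A PVEFW-FWBR-IN -m physdev --physdev-is-bridged --physdev-out tap100i0 -j tap100i0-IN
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT", "RETURN"}

def parse(text):
    """Map chain name -> list of (match string, jump target) in rule order."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 4 or tok[0] != "-A" or "-j" not in tok:
            continue
        j = tok.index("-j")
        chains.setdefault(tok[1], []).append((" ".join(tok[2:j]), tok[j + 1]))
    return chains

def paths_to(chains, start, target, seen=()):
    """Every jump path from start to target, as lists of (chain, match) hops."""
    found = []
    for match, jump in chains.get(start, []):
        if jump in TERMINAL or jump in seen:
            continue  # verdicts end traversal; 'seen' guards against loops
        hop = [(start, match)]
        if jump == target:
            found.append(hop)
        else:
            found += [hop + rest for rest in paths_to(chains, jump, target, seen + (start,))]
    return found

def gates(chains, start, target):
    """Match conditions a packet must satisfy, hop by hop, on each path."""
    return [[m for _, m in p] for p in paths_to(chains, start, target)]

if __name__ == "__main__":
    for g in gates(parse(RULES), "PVEFW-FORWARD", "PVEFW-smurfs"):
        print(" && ".join(g))
```

With the rules as quoted, the only path found runs through the `--physdev-in link+` rule; neither venet0 rule appears on any path to PVEFW-smurfs.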