[pve-devel] [PATCH 1/4] bypass firewall for non firewall bridges
Dietmar Maurer
dietmar at proxmox.com
Fri May 9 13:29:12 CEST 2014
> >>This does not work, because it accepts traffic from venet0!
>
> Ok, I'll check that.
But it seems to work perfectly without that. Maybe we should add additional chains for venet-related
traffic:
PVEFW-VENET-IN
-A PVEFW-VENET-IN -m conntrack --ctstate INVALID,NEW -j PVEFW-smurfs
-A PVEFW-VENET-IN -p tcp -j PVEFW-tcpflags
-A PVEFW-VENET-IN -i venet0 -s 192.168.3.104 -j venet0-104-OUT
PVEFW-VENET-OUT
...
What do you think?