[pve-devel] question about --physdev-is-bridged

Fri May 9 16:03:16 CEST 2014

>>-A PVEFW-FORWARD -m physdev --physdev-in link+ -j PVEFW-FWBR-IN # why don’t we use ‘--physdev-is-bridged’ here? 

I think we can add it.

(I think we don't have any "routed" traffic now with the new model)

----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Alexandre DERUMIER (aderumier at odiso.com)" <aderumier at odiso.com>, pve-devel at pve.proxmox.com 
Envoyé: Vendredi 9 Mai 2014 12:29:01 
Objet: question about --physdev-is-bridged 

question inline in comment: 

PVEFW-FORWARD (PWr857P4rPwHEhsbPd76p/1y4oQ) 
-A PVEFW-FORWARD -i venet0 -s 192.168.3.104 -j venet0-104-OUT 
-A PVEFW-FORWARD -m conntrack --ctstate INVALID -j DROP 
-A PVEFW-FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-A PVEFW-FORWARD -m physdev --physdev-in link+ -j PVEFW-FWBR-IN # why don’t we use ‘--physdev-is-bridged’ here? 
-A PVEFW-FORWARD -m physdev --physdev-is-bridged --physdev-out link+ -j PVEFW-FWBR-OUT 