[pve-devel] pve-firewall : bypass firewall for non firewalled vms v2
Alexandre Derumier
aderumier at odiso.com
Sat May 10 14:06:03 CEST 2014
changelog:
my first patch produced duplicate entries for -j PVEFW-FORWARD,
so it is better to keep a simple jump from FORWARD,
like this:
-A FORWARD -j PVEFW-FORWARD
-A PVEFW-FORWARD -i fwbr+ -j PVEFW-FORWARD-FW
-A PVEFW-FORWARD -o venet0 -m set --match-set PVEFW-venet0 dst -j PVEFW-FORWARD-FW
-A PVEFW-FORWARD -i venet0 -m set --match-set PVEFW-venet0 src -j PVEFW-FORWARD-FW
-A PVEFW-FORWARD-FW -m conntrack --ctstate INVALID -j DROP
-A PVEFW-FORWARD-FW -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A PVEFW-FORWARD-FW -m physdev --physdev-out link+ --physdev-is-bridged -j PVEFW-FWBR-OUT
-A PVEFW-FORWARD-FW -i vnet0 -j PVEFW-VENET-OUT
-A PVEFW-FORWARD-FW -m physdev --physdev-in link+ -j PVEFW-FWBR-IN
-A PVEFW-FORWARD-FW -o vnet0 -j PVEFW-VENET-IN