[pve-devel] [PATCH] use linko+ name for ovs fwbrint interfaces
Alexandre DERUMIER
aderumier at odiso.com
Tue May 13 09:52:43 CEST 2014
>>Can't we simply do something like:
>>
>>'-A PVEFW-FORWARD -o fwbr+ -j PVEFW-FWBR-IN',
>>'-A PVEFW-FORWARD -i fwbr+ -j PVEFW-FWBR-OUT',
>>
>>So that we do not depend on those 'link' names?
Not possible, both -i fwbr and -o fwbr are always defined; to find the direction
we need to use physin or physout.
IN=fwbr110i0 OUT=fwbr110i0 PHYSIN=link110i0p PHYSOUT=tap110i0
----- Original message -----
From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre Derumier" <aderumier at odiso.com>, pve-devel at pve.proxmox.com
Sent: Tuesday 13 May 2014 09:41:14
Subject: RE: [pve-devel] [PATCH] use linko+ name for ovs fwbrint interfaces
> we need to match the link+ rule from iptables rules, and need to have a name
> different than link(\d+)i(\d+), to distinguish bridge/ovs interface unplug
We currently generate:
'-A PVEFW-FORWARD -m physdev --physdev-is-bridged --physdev-in link+ -j PVEFW-FWBR-IN',
'-A PVEFW-FORWARD -m physdev --physdev-is-bridged --physdev-out link+ -j PVEFW-FWBR-OUT',
Can't we simply do something like:
'-A PVEFW-FORWARD -o fwbr+ -j PVEFW-FWBR-IN',
'-A PVEFW-FORWARD -i fwbr+ -j PVEFW-FWBR-OUT',
So that we do not depend on those 'link' names?
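
The point made in the reply above, as an added example that is not part of the original thread: it evaluates both rule pairs against the logged packet and against a constructed packet in the opposite direction. It models only the interface-name match (the trailing `+` wildcard), not `--physdev-is-bridged`; the helper names and the second log line are assumptions made for illustration.

```python
import re

def parse_log(line):
    """Extract KEY=value fields from a netfilter LOG-style line."""
    return dict(re.findall(r"(\w+)=(\S*)", line))

def iface_match(pattern, name):
    """iptables interface match: a trailing '+' matches any name with that prefix."""
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return pattern == name

# Each rule: (log field the match looks at, pattern, target chain).
# Proposed rules from the thread: -o fwbr+ / -i fwbr+
IFACE_RULES = [
    ("OUT", "fwbr+", "PVEFW-FWBR-IN"),
    ("IN", "fwbr+", "PVEFW-FWBR-OUT"),
]
# Currently generated rules: --physdev-in link+ / --physdev-out link+
PHYSDEV_RULES = [
    ("PHYSIN", "link+", "PVEFW-FWBR-IN"),
    ("PHYSOUT", "link+", "PVEFW-FWBR-OUT"),
]

def matching_targets(rules, pkt):
    """Return the target chains of every rule whose interface match succeeds."""
    return [target for field, pattern, target in rules
            if iface_match(pattern, pkt.get(field, ""))]

# Log line quoted in the thread (PHYSIN is the link device).
TO_TAP = parse_log("IN=fwbr110i0 OUT=fwbr110i0 PHYSIN=link110i0p PHYSOUT=tap110i0")
# Constructed sample: the same bridge with the physical ports swapped.
FROM_TAP = parse_log("IN=fwbr110i0 OUT=fwbr110i0 PHYSIN=tap110i0 PHYSOUT=link110i0p")

if __name__ == "__main__":
    for label, pkt in (("thread sample", TO_TAP), ("constructed reverse", FROM_TAP)):
        print(label)
        print("  -i/-o fwbr+   ->", matching_targets(IFACE_RULES, pkt))
        print("  physdev link+ ->", matching_targets(PHYSDEV_RULES, pkt))
```

With the `fwbr+` rules both packets match both chains, so the direction is lost; with the physdev rules each packet matches exactly one chain.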