[pve-devel] [PATCH] use linko+ name for ovs fwbrint interfaces
Dietmar Maurer
dietmar at proxmox.com
Tue May 13 10:03:57 CEST 2014
> >>'-A PVEFW-FORWARD -o fwbr+ -j PVEFW-FWBR-IN', '-A PVEFW-FORWARD
> -i
> >>fwbr+ -j PVEFW-FWBR-OUT',
> >>
> >>So that we do not depend on those 'link' names?
>
> Not possible, both -i fwbr -o fwbr are always defined, we can find the
> direction we need to use physin or physout.
>
> IN=fwbr110i0 OUT=fwbr110i0 PHYSIN=link110i0p PHYSOUT=tap110i0
So we can use:
-A PVEFW-FORWARD -i fwbr+ -m physdev --physdev-is-bridged --physdev-out tap+ -j PVEFW-FWBR-IN
-A PVEFW-FORWARD -I fwbr+ -m physdev --physdev-is-bridged --physdev-in tap+ -j PVEFW-FWBR-OUT
?
More information about the pve-devel
mailing list