[pve-devel] [PATCH] use linko+ name for ovs fwbrint interfaces

Tue May 13 10:08:52 CEST 2014

>>So we can use:
>>
>>        -A PVEFW-FORWARD -i fwbr+ -m physdev --physdev-is-bridged --physdev-out tap+ -j PVEFW-FWBR-IN
>>        -A PVEFW-FORWARD -I fwbr+ -m physdev --physdev-is-bridged --physdev-in tap+ -j PVEFW-FWBR-OUT
>>
>>?

Yes, but for veth interfaces ?  (extra rules, and veth can be random I think ?)

----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Mardi 13 Mai 2014 10:03:57 
Objet: RE: [pve-devel] [PATCH] use linko+ name for ovs fwbrint interfaces 

> >>'-A PVEFW-FORWARD -o fwbr+ -j PVEFW-FWBR-IN', '-A PVEFW-FORWARD 
> -i 
> >>fwbr+ -j PVEFW-FWBR-OUT', 
> >> 
> >>So that we do not depend on those 'link' names? 
> 
> Not possible, both -i fwbr -o fwbr are always defined, we can find the 
> direction we need to use physin or physout. 
> 
> IN=fwbr110i0 OUT=fwbr110i0 PHYSIN=link110i0p PHYSOUT=tap110i0 

So we can use: 

-A PVEFW-FORWARD -i fwbr+ -m physdev --physdev-is-bridged --physdev-out tap+ -j PVEFW-FWBR-IN 
-A PVEFW-FORWARD -I fwbr+ -m physdev --physdev-is-bridged --physdev-in tap+ -j PVEFW-FWBR-OUT 

? 