[pve-devel] [PATCH] use linko+ name for ovs fwbrint interfaces
Dietmar Maurer
dietmar at proxmox.com
Tue May 13 14:57:46 CEST 2014
> Note that we can improve the rule by adding -i fwbr+
>
> -- -A PVEFW-FORWARD -m physdev --physdev-in link+
>
> ++ -A PVEFW-FORWARD -i fwbr+ -m physdev --physdev-in link+
>
>
> because we also have packets from link->vmbr and vmbr->link coming to
> iptables (that's also why I have sent a patch to bypass firewall rules for
> non-firewalled interfaces)

Or we rename the other side of the link to "peer${vmid}i${devid}"?

Also, I would prefer a common prefix for all firewall-related network devices,
for example:

link ==> fwln
peer ==> fwpr
fwbr <==> fwbr (keep that name)

What do you think?

I would prefer longer names, but the kernel iface name length is restricted.