[pve-devel] [PATCH] use linko+ name for ovs fwbrint interfaces
Alexandre DERUMIER
aderumier at odiso.com
Tue May 13 18:29:39 CEST 2014
>>Why not:
>>
>>-A PVEFW-FORWARD -i vmbr+ -j RETURN
>>
>>or is this a bad idea?
I need to verify if we don't have a -i vmbr+ -o venet0 matching rule.
----- Original Message -----
From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Sent: Tuesday, 13 May 2014 18:23:20
Subject: RE: [pve-devel] [PATCH] use linko+ name for ovs fwbrint interfaces
> Yes, but an important, because each packet going out from fwbr do
>
> first iptables lookup
> ----------------------
> tap->fwbr->fwln
>
> second iptables lookup
> -----------------------
> fwpr->vmbr->...
>
>
> so, for this second lookup, we'll parse all the main chains.
Why not:
-A PVEFW-FORWARD -i vmbr+ -j RETURN
or is this a bad idea?