[pve-devel] [PATCH] use linko+ name for ovs fwbrint interfaces
Dietmar Maurer
dietmar at proxmox.com
Tue May 13 19:05:34 CEST 2014
> -----Original Message-----
> From: Alexandre DERUMIER [mailto:aderumier at odiso.com]
> Sent: Dienstag, 13. Mai 2014 18:41
> To: Dietmar Maurer
> Cc: pve-devel at pve.proxmox.com
> Subject: Re: [pve-devel] [PATCH] use linko+ name for ovs fwbrint interfaces
>
> venet0->tap
> -----------
>
> venet0->vmbr0v94-->fwbr123i0-->tap123i0
>
> May 13 18:38:57 kvmtest1 kernel: FORWARD: IN=venet0 OUT=vmbr0v94
> SRC=10.3.94.203 DST=10.3.94.201 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
> PROTO=ICMP TYPE=8 CODE=0 ID=1664 SEQ=1
> May 13 18:38:57 kvmtest1 kernel: FORWARD: IN=fwbr123i0 OUT=fwbr123i0
> PHYSIN=link123p0 PHYSOUT=tap123i0 SRC=10.3.94.203 DST=10.3.94.201
> LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0
> ID=1664 SEQ=1
>
> tap->venet0
> -----------
> May 13 18:38:57 kvmtest1 kernel: FORWARD: IN=fwbr123i0 OUT=fwbr123i0
> PHYSIN=tap123i0 PHYSOUT=link123p0 SRC=10.3.94.201 DST=10.3.94.203
> LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=22409 PROTO=ICMP TYPE=0 CODE=0
> ID=1664 SEQ=1
> May 13 18:38:57 kvmtest1 kernel: FORWARD: IN=vmbr0v94 OUT=venet0
> PHYSIN=link123i0 SRC=10.3.94.201 DST=10.3.94.203 LEN=84 TOS=0x00
> PREC=0x00 TTL=63 ID=22409 PROTO=ICMP TYPE=0 CODE=0 ID=1664 SEQ=1
>
>
> so, yes, bad idea ;)
So what packages do you want to block exactly?
-A PVEFW-FORWARD -o vmbr+ -m physdev --physdev-is-bridged -j RETURN
More information about the pve-devel
mailing list