[pve-devel] pve-firewall : nftables ?
Wolfgang Bumiller
w.bumiller at proxmox.com
Wed Nov 28 12:44:06 CET 2018
On Wed, Nov 28, 2018 at 12:03:23PM +0100, Alexandre DERUMIER wrote:
> >>I mean, it does "work™" if we keep the firewall bridges around, as we
> >>can match on `fwbr404i0` etc...
>
> >>But it would be nice if we could get rid of those...
>
> AFAIK, we also have added fwbr because we wanted the packet going twice in netfilter,
> once for vm1 output
> once for vm2 input
Right, we don't get the output vmid via the netdev table that way...
That's unfortunate... Maybe at postrouting... hmm. If only there were
'egress' hooks in the netdev chain as well.