[pve-devel] [PATCH 1/8] bypass firewall for non firewall bridges

Alexandre Derumier aderumier at odiso.com
Wed Apr 30 10:56:30 CEST 2014


Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 src/PVE/Firewall.pm |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index c4bc308..3ea095c 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2652,6 +2652,9 @@ sub compile {
     ruleset_create_chain($ruleset, "PVEFW-OUTPUT");
 
     ruleset_create_chain($ruleset, "PVEFW-FORWARD");
+    #bypass firewall for non firewalled bridge
+    ruleset_addrule($ruleset, "PVEFW-FORWARD", "! -i fwbr+ -j ACCEPT");
+
 
     my $hostfw_options = $hostfw_conf->{options} || {};
 
-- 
1.7.10.4



More information about the pve-devel mailing list