[pve-devel] [PATCH 6/8] check in|out vethp interface for direction of the fwbr

Alexandre Derumier aderumier at odiso.com
Wed Apr 30 10:56:35 CEST 2014


Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 src/PVE/Firewall.pm |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index ddc7baa..302db30 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2609,12 +2609,12 @@ sub compile {
 	    ruleset_addrule($ruleset, "PVEFW-FWBR-IN", "-p tcp -j PVEFW-tcpflags");
 	}
 
-        ruleset_addrule($ruleset, "PVEFW-FORWARD", "-m physdev --physdev-out tap+ -j PVEFW-FWBR-IN");
+        ruleset_addrule($ruleset, "PVEFW-FORWARD", "-m physdev --physdev-in veth+ -j PVEFW-FWBR-IN");
     }
 
     if (!ruleset_chain_exist($ruleset, "PVEFW-FWBR-OUT")) {
         ruleset_create_chain($ruleset, "PVEFW-FWBR-OUT");
-        ruleset_addrule($ruleset, "PVEFW-FORWARD", "-m physdev --physdev-in tap+ -j PVEFW-FWBR-OUT");
+        ruleset_addrule($ruleset, "PVEFW-FORWARD", "-m physdev --physdev-out veth+ -j PVEFW-FWBR-OUT");
     }
 
     generate_std_chains($ruleset, $hostfw_options);
-- 
1.7.10.4



More information about the pve-devel mailing list