[pve-devel] pvefw security group question
Dietmar Maurer
dietmar at proxmox.com
Wed Feb 19 06:39:17 CET 2014
> I have thought about it, it's a little bit more complex, we need to check the
> mark after each mark, to be sure to exit the chain, as if we have a DROP rule
> after, it'll not work
I thought we can simply goto a special chain (instead of ACCEPT).
GROUP-security2 chain:
-A GROUP-security2 -p ssh -g PVE_SPECIAL_ACCEPT
...
PVE_SPECIAL_ACCEPT chain:
-A PVE_SPECIAL_ACCEPT -j MARK --set-mark 1
Do you think that will work?
> Also we need to reset the mark in the IN chain, because group rules use
> same mark
yes
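
The goto proposal above, modelled as an added example (not code from this thread or from the Proxmox firewall): a small Python walk of iptables chain traversal in which -j pushes a return address and -g does not, so a return from PVE_SPECIAL_ACCEPT lands in the caller of the group chain. The rules of the IN chain, the trailing DROP rule and the sample packets are constructed assumptions.

```python
# Minimal model of iptables traversal: -j pushes a return address, -g does not.
def run(chains, pkt, start="IN"):
    pkt = dict(pkt)                      # copy; pkt["mark"] may be stale
    stack, chain, idx = [], start, 0
    while True:
        rules = chains[chain]
        if idx >= len(rules):            # end of chain = implicit RETURN
            if not stack:
                return "POLICY"          # fell off the start chain
            chain, idx = stack.pop()
            continue
        match, action, arg = rules[idx]
        idx += 1
        if not match(pkt):
            continue
        if action in ("ACCEPT", "DROP"):
            return action                # terminating verdict
        if action == "MARK":
            pkt["mark"] = arg            # non-terminating, continue with next rule
        elif action == "jump":           # -j: come back here on return
            stack.append((chain, idx))
            chain, idx = arg, 0
        elif action == "goto":           # -g: return goes to our caller instead
            chain, idx = arg, 0

def build(how="goto", reset=True):
    anything = lambda p: True
    chains = {
        # "IN" is the name used in the thread; its rules here are assumed.
        "IN": [
            (anything, "jump", "GROUP-security2"),
            (lambda p: p["mark"] == 1, "ACCEPT", None),
        ],
        "GROUP-security2": [
            (lambda p: p["dport"] == 22, how, "PVE_SPECIAL_ACCEPT"),
            (lambda p: p["dport"] < 1024, "DROP", None),  # constructed later DROP
        ],
        "PVE_SPECIAL_ACCEPT": [(anything, "MARK", 1)],
    }
    if reset:                            # clear a mark left by an earlier group
        chains["IN"].insert(0, (anything, "MARK", 0))
    return chains

if __name__ == "__main__":
    ssh, high = {"dport": 22, "mark": 0}, {"dport": 8080, "mark": 1}
    print("goto, ssh:", run(build("goto"), ssh))
    print("jump, ssh:", run(build("jump"), ssh))
    print("stale mark, no reset:", run(build("goto", reset=False), high))
    print("stale mark, reset:", run(build("goto", reset=True), high))
```

With a plain jump the SSH packet returns into the group chain and hits the later DROP; without the reset, a packet still carrying mark 1 from an earlier group is accepted even though no rule in this group matched it.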