[pve-devel] pvefw security group question

Alexandre DERUMIER aderumier at odiso.com
Wed Feb 19 12:06:39 CET 2014


I'm not sure about this:

-A tap110i0-OUT -j GROUP-security1-OUT
	-A GROUP-security1-OUT -j MARK --set-xmark 0x0/0xffffffff
	-A GROUP-security1-OUT -p icmp -g PVEFW-SET-ACCEPT-MARK
	-A GROUP-security1-OUT -p tcp -m tcp --dport 22 -g PVEFW-SET-ACCEPT-MARK
	-A GROUP-security1-OUT -m comment --comment "PVESIG:H5gNFciXSlxFB/xpDqyG9l5+v6M"


-A tap110i0-OUT -m mark --mark 0x1 -g vmbr1-IN


We do a goto to PVEFW-SET-ACCEPT-MARK, but how can this return to the TAP chain?
(I haven't tested it yet)

I think we should do something like this:

-A tap110i0-OUT -j GROUP-security1-OUT
	-A GROUP-security1-OUT -j MARK --set-xmark 0x0/0xffffffff
	-A GROUP-security1-OUT -p icmp -j PVEFW-SET-ACCEPT-MARK
	-A GROUP-security1-OUT -m mark --mark 0x1 -j RETURN
	-A GROUP-security1-OUT -p tcp -m tcp --dport 22 -j PVEFW-SET-ACCEPT-MARK
	-A GROUP-security1-OUT -m mark --mark 0x1 -j RETURN
	-A GROUP-security1-OUT -m comment --comment "PVESIG:H5gNFciXSlxFB/xpDqyG9l5+v6M"

-A tap110i0-OUT -m mark --mark 0x1 -g vmbr1-IN

----- Original message -----

From: "Alexandre DERUMIER" <aderumier at odiso.com>
To: "Dietmar Maurer" <dietmar at proxmox.com>
Cc: pve-devel at pve.proxmox.com
Sent: Wednesday 19 February 2014 11:37:58
Subject: Re: [pve-devel] pvefw security group question

It's OK now,

I'll do tests to see if all is working fine.

Thanks!


----- Original message -----

From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Sent: Wednesday 19 February 2014 11:33:48
Subject: RE: [pve-devel] pvefw security group question

> >>fixed
>
> Have you pushed it to git? I don't see it.

This can take a few minutes, but it is there now: 

https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff;h=bfbfa8b6ce4c2dba5cccf65fdf57dc0c4273879c 
_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
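
Added example (not part of the original mail and not pve-firewall code): a small Python model of iptables chain traversal, run over the two rule listings in the message above. Per iptables(8), a return after `-g` continues in the chain that last called via `-j`. The model assumes PVEFW-SET-ACCEPT-MARK only sets mark 0x1, since its body is not shown; the PVESIG comment rules have no target and are omitted, and the `rule`, `traverse` and `ruleset` helpers are hypothetical names.

```python
# Model of iptables chain traversal: -j pushes a return point, -g does not.
# Assumption: PVEFW-SET-ACCEPT-MARK only sets mark 0x1 (its body is not in the mail).
def rule(target, kind="jump", proto=None, dport=None, mark=None):
    return {"target": target, "kind": kind, "proto": proto, "dport": dport, "mark": mark}

def matches(r, pkt):
    return all(r[k] is None or r[k] == pkt.get(k) for k in ("proto", "dport", "mark"))

def traverse(chains, start, pkt):
    """Return the chains entered, in order, for one packet (mark starts at 0)."""
    pkt = dict(pkt, mark=0)
    trace, stack, chain, i = [start], [], start, 0
    while True:
        if i < len(chains[chain]):
            r = chains[chain][i]
            i += 1
            if not matches(r, pkt):
                continue
            target, kind = r["target"], r["kind"]
        else:
            target, kind = "RETURN", "jump"     # end of chain acts like RETURN
        if target.startswith("MARK="):
            pkt["mark"] = int(target[5:], 16)   # non-terminating target
        elif target == "RETURN":
            if not stack:
                return trace                    # fell off the start chain
            chain, i = stack.pop()
            trace.append(chain)
        else:
            if kind == "jump":
                stack.append((chain, i))        # -g skips this push
            trace.append(target)
            if target not in chains:
                return trace                    # e.g. vmbr1-IN, not modelled
            chain, i = target, 0

def ruleset(kind, with_return):
    group = [rule("MARK=0x0")]
    for m in ({"proto": "icmp"}, {"proto": "tcp", "dport": 22}):
        group.append(rule("PVEFW-SET-ACCEPT-MARK", kind=kind, **m))
        if with_return:
            group.append(rule("RETURN", mark=1))
    return {"tap110i0-OUT": [rule("GROUP-security1-OUT"),
                             rule("vmbr1-IN", kind="goto", mark=1)],
            "GROUP-security1-OUT": group,
            "PVEFW-SET-ACCEPT-MARK": [rule("MARK=0x1")]}

GOTO_RULES = ruleset("goto", False)   # first listing in the mail
JUMP_RULES = ruleset("jump", True)    # second listing in the mail
SSH = {"proto": "tcp", "dport": 22}   # constructed sample packet
```

Calling `traverse(GOTO_RULES, "tap110i0-OUT", SSH)` and `traverse(JUMP_RULES, "tap110i0-OUT", SSH)` returns the order in which each listing's chains are entered for the sample packet.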


