[pve-devel] pvefw: why do we check vmbr0-IN for INPUT

Dietmar Maurer dietmar at proxmox.com
Thu Feb 20 17:40:24 CET 2014


Why do we check vmbr0-IN for INPUT?

-----

-A PVEFW-INPUT -m physdev --physdev-in tap100i0 -j tap100i0-OUT
...
-A tap100i0-OUT -m mark --mark 0x1 -g vmbr0-IN
...
-A vmbr0-IN -m physdev --physdev-out tap100i0 --physdev-is-bridged -j tap100i0-IN
-A vmbr0-IN -j ACCEPT
...

That looks strange to me.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20140220/7ad09271/attachment.htm>


More information about the pve-devel mailing list