[pve-devel] [PATCH] add ips feature v2

Dietmar Maurer dietmar at proxmox.com
Mon Mar 17 12:51:04 CET 2014


Please ignore me - I need some more time to review the patch.

> -----Original Message-----
> From: pve-devel [mailto:pve-devel-bounces at pve.proxmox.com] On Behalf
> Of Dietmar Maurer
> Sent: Monday, 17 March 2014 12:48
> To: Alexandre Derumier; pve-devel at pve.proxmox.com
> Subject: Re: [pve-devel] [PATCH] add ips feature v2
> 
> >      # fixme: this is an optimization? if so, we should also drop
> > INVALID packages?
> > -    ruleset_insertrule($ruleset, "PVEFW-FORWARD", "-m conntrack --
> ctstate
> > RELATED,ESTABLISHED -j ACCEPT");
> > -
> > +    ruleset_insertrule($ruleset, "PVEFW-FORWARD", "-m conntrack
> > + --ctstate RELATED,ESTABLISHED -j PVEFW-Accept");
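
Review bot: the `+` rule matches on conntrack state only (`--ctstate RELATED,ESTABLISHED`), with no interface or per-VM match, and it is still inserted into PVEFW-FORWARD itself, so the jump to PVEFW-Accept applies to the established traffic of every guest. Nothing in this hunk shows how PVEFW-Accept restricts IPS queueing to the VMs that enabled it; please say in a comment what PVEFW-Accept does with these packets, or move the decision to a point where the VM is known. The unchanged `# fixme: this is an optimization?` comment above the rule is also stale now that the target is no longer a plain ACCEPT, and the INVALID question it raises is left open.
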
> 
> Confused now. You just explained that this does not work in the previous
> mail?
> 
> >>If we ACCEPT at begin of forward, we bypass ip.
> >>and we jump to NFQUEUE at begin of forward, we are going to ips for
> >>all vms (I want to enable it by vm)
> 
> 