[pve-devel] [PATCH 1/4] bypass firewall for non firewall bridges

Alexandre DERUMIER aderumier at odiso.com
Fri May 9 11:24:07 CEST 2014


>>wouldn't it be better to use RETURN to minimize impact on existing rules?

Do you mean existing rules from users manually defined with iptables directly?

I think we can do it indeed.




----- Original Message -----

From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre Derumier" <aderumier at odiso.com>, pve-devel at pve.proxmox.com
Sent: Friday, May 9, 2014 10:50:43
Subject: RE: [pve-devel] [PATCH 1/4] bypass firewall for non firewall bridges

> ruleset_create_chain($ruleset, "PVEFW-FORWARD"); 
> + #bypass firewall for non firewalled bridge 
> + ruleset_addrule($ruleset, "PVEFW-FORWARD", "! -i fwbr+ -j ACCEPT"); 
> + 
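
Review bot: the "-j ACCEPT" target on the added "! -i fwbr+" rule is a terminal verdict, so a packet arriving on any interface that does not match fwbr+ stops being evaluated here and never reaches rules that sit after the jump to PVEFW-FORWARD in the calling chain, including rules an administrator added with iptables directly. Using "! -i fwbr+ -j RETURN" would still skip the rest of PVEFW-FORWARD for non-firewalled bridges while handing the packet back to the calling chain. The match is also on the input interface only, so the comment should state whether traffic that enters on a non-fwbr+ interface and leaves through a firewalled bridge is meant to bypass this chain as well.
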

wouldn't it be better to use RETURN to minimize impact on existing rules? 

