[pve-devel] [PATCH] use linko+ name for ovs fwbrint interfaces

Tue May 13 09:41:14 CEST 2014

> we need to match link+ rule from iptables rules, and need to have a name
> different than link(\d+)i(\d+), for distinguished bridge/ovs interface unplug

We currently generate:
    '-A PVEFW-FORWARD -m physdev --physdev-is-bridged --physdev-in link+ -j PVEFW-FWBR-IN',
    '-A PVEFW-FORWARD -m physdev --physdev-is-bridged --physdev-out link+ -j PVEFW-FWBR-OUT',

Can't we simply do something like:

    '-A PVEFW-FORWARD -o fwbr+ -j PVEFW-FWBR-IN',
    '-A PVEFW-FORWARD -i fwbr+  -j PVEFW-FWBR-OUT',

So that we do not depend on those 'link' names?