> # fixme: this is an optimization? if so, we should also drop INVALID
> packages?
> - ruleset_insertrule($ruleset, "PVEFW-FORWARD", "-m conntrack --ctstate
> RELATED,ESTABLISHED -j ACCEPT");
> -
> + if(!$ips_enable){
> + ruleset_insertrule($ruleset, "PVEFW-FORWARD", "-m conntrack --
> ctstate RELATED,ESTABLISHED -j ACCEPT");
> + }
What happens here if ips is enabled? Don't we need to jump to NFQUEUE?
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
