> just put the rule in PVEFW-FORWARD, after
> 
> -A PVEFW-FORWARD -m conntrack --ctstate INVALID -j DROP -A PVEFW-
> FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

but that only works if the optimize flag is set (else we do not have that rule)?

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to