> just put the rule in PVEFW-FORWARD, after > > -A PVEFW-FORWARD -m conntrack --ctstate INVALID -j DROP -A PVEFW- > FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
but that only works if the optimize flag is set (else we do not have that rule)? _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel