> Yes, but an important, because each packet going out from fwbr do > > first iptables lookup > ---------------------- > tap->fwbr->fwln > > second iptables lookup > ----------------------- > fwpr->vmbr->... > > > so, for this second lookup, we'll parse all the main chains.
Why not: -A PVEFW-FORWARD -i vmbr+ -j RETURN or is this a bad idea? _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
