>>Why not: >> >>-A PVEFW-FORWARD -i vmbr+ -j RETURN >> >>or is this a bad idea?
I need to verify if we don't have -i vmbr+ -o venet0 matching rule ----- Mail original ----- De: "Dietmar Maurer" <diet...@proxmox.com> À: "Alexandre DERUMIER" <aderum...@odiso.com> Cc: pve-devel@pve.proxmox.com Envoyé: Mardi 13 Mai 2014 18:23:20 Objet: RE: [pve-devel] [PATCH] use linko+ name for ovs fwbrint interfaces > Yes, but an important, because each packet going out from fwbr do > > first iptables lookup > ---------------------- > tap->fwbr->fwln > > second iptables lookup > ----------------------- > fwpr->vmbr->... > > > so, for this second lookup, we'll parse all the main chains. Why not: -A PVEFW-FORWARD -i vmbr+ -j RETURN or is this a bad idea? _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
