>>I get the following ebtables:
>>
>>active layer2filters (ARP):
>>
>>Bridge chain: tap102i0-OUT, entries: 4, policy: ACCEPT
>>-s ! d2:d6:ce:ec:ae:b8 -j DROP
>>-p ARP -j ACCEPT
>>-j DROP
>>-j ACCEPT
>>
>>This looks wrong (DROP / ACCEPT)

I don't think it's a problem: you'll go to DROP if you don't match the layer2filter, and never go to the final accept.

Have you tested it?

----- Original Mail -----
From: "Stefan Priebe - Profihost AG" <s.pri...@profihost.ag>
To: "Alexandre Derumier" <aderum...@odiso.com>, pve-devel@pve.proxmox.com
Sent: Wednesday 16 July 2014 10:31:15
Subject: Re: [pve-devel] pve-firewall : ip6tables + ebtables v4

Hi,

On 16.07.2014 01:14, Alexandre Derumier wrote:
> changelog:
>
> - clean all trailing whitespaces
> - add remove_pvefw_chains for ip6tables (for firewall stop)
> - add last stefan patch for ebtables mac parsing

I get the following ebtables:

active layer2filters (ARP):

Bridge chain: tap102i0-OUT, entries: 4, policy: ACCEPT
-s ! d2:d6:ce:ec:ae:b8 -j DROP
-p ARP -j ACCEPT
-j DROP
-j ACCEPT

This looks wrong (DROP / ACCEPT)

no layer2filters:

Bridge chain: tap103i0-OUT, entries: 2, policy: ACCEPT
-s ! e:df:d:91:a8:60 -j DROP
-j ACCEPT

Stefan
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
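
Added example, not part of the original thread or of pve-firewall: a small Python model of first-match rule evaluation applied to the two chains quoted above, showing which rule decides a frame and which rules can never be reached. The `Rule`/`Frame` types and function names are hypothetical, the sample frames are constructed, and only `-s !`, `-p` and the terminating targets DROP/ACCEPT are modelled.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    not_src: Optional[str]  # "-s ! MAC": matches when the source is NOT this MAC
    proto: Optional[str]    # "-p PROTO"; None means any protocol
    target: str             # DROP or ACCEPT (both end chain traversal)

class Frame(NamedTuple):
    src: str
    proto: str

# The two chains exactly as listed in the thread.
TAP102_OUT = [Rule("d2:d6:ce:ec:ae:b8", None, "DROP"), Rule(None, "ARP", "ACCEPT"),
              Rule(None, None, "DROP"), Rule(None, None, "ACCEPT")]
TAP103_OUT = [Rule("e:df:d:91:a8:60", None, "DROP"), Rule(None, None, "ACCEPT")]

def norm_mac(mac):
    # The listing prints octets without leading zeros (e:df:d:...), so compare
    # numerically rather than as strings.
    return tuple(int(octet, 16) for octet in mac.split(":"))

def matches(rule, frame):
    if rule.not_src is not None and norm_mac(frame.src) == norm_mac(rule.not_src):
        return False
    if rule.proto is not None and frame.proto.upper() != rule.proto.upper():
        return False
    return True

def verdict(chain, frame, policy="ACCEPT"):
    """Return (target, index of deciding rule); index None means chain policy."""
    for i, rule in enumerate(chain):
        if matches(rule, frame):
            return rule.target, i
    return policy, None

def unreachable(chain):
    """Indices of rules placed after the first rule that matches every frame."""
    for i, rule in enumerate(chain):
        if rule.not_src is None and rule.proto is None:
            return list(range(i + 1, len(chain)))
    return []

if __name__ == "__main__":
    # Constructed sample frames: the VM's own MAC, and a foreign MAC.
    for f in (Frame("d2:d6:ce:ec:ae:b8", "ARP"), Frame("d2:d6:ce:ec:ae:b8", "IPv4"),
              Frame("00:11:22:33:44:55", "ARP")):
        print(f, verdict(TAP102_OUT, f))
    print("never reached in tap102i0-OUT:", unreachable(TAP102_OUT))
```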