Hi,

On 19.03.2017 at 14:44, Dietmar Maurer wrote:
>> After digging around for some weeks I found out that the chain FORWARD
>> does not receive packets anymore?
>
> And hints in syslog?

No, the reason is simply that net.bridge.bridge-nf-call-iptables is 0 again. Most probably because /etc/sysctl.d is reinitialized for some reason.

To me the main question is why does pve-cluster provide a default of 0, which disables iptables for bridges and makes pve-firewall useless for Linux bridges.

> Which kernel do you run exactly?

Tested with my own vanilla 4.4 kernel and with 4.4.44-1-pve. But again, this behaviour is expected with net.bridge.bridge-nf-call-iptables=0 for all kernels.

Greets,
Stefan
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
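
A check for the condition described in this message, as an added example that is not part of the original post and not Proxmox code: it reports the live value of net.bridge.bridge-nf-call-iptables and every sysctl configuration file that would set it back to 0 on a reload. The function names, the optional root-prefix argument, the `--live` switch and the list of directories searched are assumptions of this example.

```sh
#!/bin/sh
# Added example (not Proxmox code): audit net.bridge.bridge-nf-call-iptables.
KEY_RE='^[[:space:]]*-?net[./]bridge[./]bridge-nf-call-iptables[[:space:]]*='

# Print "file:value" for each sysctl config file that assigns the key.
# $1 is an optional root prefix (assumption, lets the scan run on a test tree).
find_settings() {
    root=${1:-}
    for f in "$root"/etc/sysctl.conf "$root"/etc/sysctl.d/*.conf \
             "$root"/run/sysctl.d/*.conf "$root"/usr/lib/sysctl.d/*.conf \
             "$root"/lib/sysctl.d/*.conf; do
        [ -f "$f" ] || continue
        # Within one file the last assignment wins; keep only its value.
        v=$(grep -E -e "$KEY_RE" "$f" | tail -n 1 |
            sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//')
        if [ -n "$v" ]; then printf '%s:%s\n' "$f" "$v"; fi
    done
}

# Print the live value, or "absent" when the key does not exist because
# br_netfilter is not loaded (bridged frames then never reach iptables).
runtime_value() {
    p="${1:-}/proc/sys/net/bridge/bridge-nf-call-iptables"
    if [ -r "$p" ]; then cat "$p"; else echo absent; fi
}

# Return 0 only if the live value is 1 and no config file resets it to 0.
audit() {
    rc=0
    live=$(runtime_value "${1:-}")
    if [ "$live" != 1 ]; then echo "WARN live value is $live"; rc=1; fi
    bad=$(find_settings "${1:-}" | grep ':0$' || true)
    if [ -n "$bad" ]; then
        echo "WARN these files set the key to 0 on the next sysctl reload:"
        echo "$bad"
        rc=1
    fi
    return "$rc"
}

# Run against the live host only when asked to: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit ""; fi
```

Running the audit from cron or a monitoring check catches the silent reset described above before the FORWARD chain stops seeing bridged traffic.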