>>I would not rely on that. We need a way to correctly update rules without
>>relying on previous state.
Ok, I'll send a patch to generate the whole firewall rules. I don't think it'll be slow anyway. (and no more iptables_exist, so it can be more reliable too)

But we need to be sure that our parser is ok, because if one rule is wrong in 1 vm, we can't apply the rules for all vms. (I just detected a bug, where you can set up a port range like 100-80)

I'll try to send a patch today.

----- Original message -----
From: "Dietmar Maurer" <[email protected]>
To: "Alexandre DERUMIER" <[email protected]>
Cc: [email protected]
Sent: Thursday 13 February 2014 19:07:59
Subject: RE: [pve-devel] pve-firewall : iptables V2

> and if the vm is shutdown, the tap chain is already removed on vm_stop.

I would not rely on that. We need a way to correctly update rules without relying on previous state.

_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
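An added example, not part of the original mail or of pve-firewall's code: a strict port-spec check run over every VM's rules before the full ruleset is built from scratch, so a reversed range like 100-80 is reported with its VM instead of reaching the generated rules. The rule tuple layout, the `tap<vmid>-IN` chain name and the sample VMs are assumptions made for illustration.

```python
import re

PORT_RE = re.compile(r"([0-9]{1,5})(?:-([0-9]{1,5}))?")

def parse_port_spec(spec):
    """Return (low, high) for '80' or '80-100'; raise ValueError otherwise."""
    m = PORT_RE.fullmatch(spec.strip())
    if not m:
        raise ValueError(f"malformed port spec {spec!r}")
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low
    if not (1 <= low <= 65535 and 1 <= high <= 65535):
        raise ValueError(f"port out of range in {spec!r}")
    if low > high:
        raise ValueError(f"reversed port range {spec!r}")
    return low, high

def generate_ruleset(vm_rules):
    """Validate every rule of every VM, then build the whole ruleset from scratch.

    Returns (lines, errors). If any rule is invalid, lines is empty so a broken
    ruleset is never applied, and errors names each offending VM and rule.
    """
    lines, errors = [], []
    for vmid in sorted(vm_rules):
        chain = f"tap{vmid}-IN"  # hypothetical chain name
        for idx, (proto, spec, action) in enumerate(vm_rules[vmid]):
            try:
                low, high = parse_port_spec(spec)
            except ValueError as exc:
                errors.append(f"vm {vmid} rule {idx}: {exc}")
                continue
            dport = str(low) if low == high else f"{low}:{high}"
            lines.append(f"-A {chain} -p {proto} --dport {dport} -j {action}")
    return ([], errors) if errors else (lines, errors)

# Constructed sample input: VM 101 carries the reversed range from the mail.
SAMPLE = {
    100: [("tcp", "22", "ACCEPT"), ("tcp", "80-100", "ACCEPT")],
    101: [("tcp", "100-80", "ACCEPT")],
}

if __name__ == "__main__":
    lines, errors = generate_ruleset(SAMPLE)
    print("\n".join(errors or lines))
```

Because the output depends only on the configuration passed in, running it twice on the same input gives the same ruleset regardless of which chains currently exist.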
