iptables-restore v1.4.14: no command specified
Error occurred at line: 36

I tested with your example (first patch)

./pvefw enablevmfw -vmid 100

line 36 is the 'COMMIT'

what is wrong with that?

-----------------
*filter
:BRIDGEFW-OUT - [0:0]
:BRIDGEFW-IN - [0:0]
:proxmoxfw-FORWARD - [0:0]
-I FORWARD -j proxmoxfw-FORWARD
-A proxmoxfw-FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A proxmoxfw-FORWARD -m physdev --physdev-is-in --physdev-is-bridged -j BRIDGEFW-OUT
-A proxmoxfw-FORWARD -m physdev --physdev-is-out --physdev-is-bridged -j BRIDGEFW-IN
:proxmoxfw-INPUT - [0:0]
-I INPUT -j proxmoxfw-INPUT
-A INPUT -j ACCEPT
:vmbr0-IN - [0:0]
-A proxmoxfw-FORWARD -i vmbr0 -j DROP
-A BRIDGEFW-IN -j vmbr0-IN
-A vmbr0-IN -j ACCEPT
:vmbr0-OUT - [0:0]
-A proxmoxfw-FORWARD -o vmbr0 -j DROP
-A BRIDGEFW-OUT -j vmbr0-OUT
:tap100i0-IN - [0:0]
-A tap100i0-IN -m state --state INVALID -j DROP
-A tap100i0-IN -m state --state RELATED,ESTABLISHED -j ACCEPT
-A tap100i0-IN -p tcp --dport 22 -j ACCEPT
-A tap100i0-IN -p icmp -j ACCEPT
-A tap100i0-IN -j LOG --log-prefix "tap100i0-IN-dropped: " --log-level 4
-A tap100i0-IN -j DROP
-I vmbr0-IN -m physdev --physdev-out tap100i0 --physdev-is-bridged -j tap100i0-IN
:tap100i0-OUT - [0:0]
-A tap100i0-OUT -m state --state INVALID -j DROP
-A tap100i0-OUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A tap100i0-OUT -p icmp -j vmbr0-IN
-A tap100i0-OUT -p tcp --dport 80 -j vmbr0-IN
-A tap100i0-OUT -j LOG --log-prefix "tap100i0-OUT-dropped: " --log-level 4
-A tap100i0-OUT -j DROP
-I vmbr0-OUT -m physdev --physdev-in tap100i0 --physdev-is-bridged -j tap100i0-OUT
-A proxmoxfw-INPUT -m physdev --physdev-in tap100i0 -j tap100i0-OUT
COMMIT
-------------------

> -----Original Message-----
> From: Alexandre DERUMIER [mailto:[email protected]]
> Sent: Friday, 14 February 2014 10:42
> To: Dietmar Maurer
> Cc: [email protected]
> Subject: Re: [pve-devel] pve-firewall : iptables V2
>
> >>I need to play around with that code first - I need more time to
> >>contribute something useful ;-)
> Ok, sure no problem
>
>
> ----- Original Mail -----
>
> From: "Dietmar Maurer" <[email protected]>
> To: "Alexandre DERUMIER" <[email protected]>
> Cc: [email protected]
> Sent: Friday 14 February 2014 10:39:20
> Subject: RE: [pve-devel] pve-firewall : iptables V2
>
> > >>We can old and new ruleset, so there is no need to list
> > >>/sys/class/net/vmbrX/brif/tapX
> >
> > can you provide an example ?
>
> I need to play around with that code first - I need more time to contribute
> something useful ;-)
_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
