>>My hope is that we can use those SHA1 checksums to see if something changed. Oh, ok, 1 checksum by chain, I understand now
>>Another usage is to clear out all pvefw related rules: >>https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff;h=b16e818ea730142f89b8d7b170a444edb385e531 >> you should also add theses chains to clear all vmbrx-IN vmbrx-OUT GROUP-xxx >>Does that makes sense? Yes. But how do you remove stale chain ? (like a stale tap chain, because of a vm crash for example) ----- Mail original ----- De: "Dietmar Maurer" <[email protected]> À: "Alexandre DERUMIER" <[email protected]> Cc: [email protected] Envoyé: Vendredi 14 Février 2014 15:13:14 Objet: RE: [pve-devel] pve-firewall : iptables V2 > >>We can old and new ruleset, so there is no need to list > >>/sys/class/net/vmbrX/brif/tapX > > can you provide an example ? So far I added code to parse the output of 'iptables-save': https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff;h=de2a57cdcf099c30feecb5c095328a82d1d154e1 My hope is that we can use those SHA1 checksums to see if something changed. Another usage is to clear out all pvefw related rules: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff;h=b16e818ea730142f89b8d7b170a444edb385e531 Does that makes sense? _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
