>>I wonder if we can use --mark to simplify the whole thing? Maybe use
>>
>>-J MARK --set-mark 1
>>
>>to mark packets which should be ACCEPTED? Does that help?

AFAIK, MARK can only be used in the mangle table, not in the filter table.

----- Original Message -----
From: "Dietmar Maurer" <[email protected]>
To: "Alexandre DERUMIER" <[email protected]>
Cc: [email protected]
Sent: Tuesday, 18 February 2014 17:48:10
Subject: RE: pvefw security group question

> this is bad, because if you need to firewall tap1i0-OUT -> tap2-IN, it'll do an
> ACCEPT in group chain, and bypass tap2 inbound rules.

I wonder if we can use --mark to simplify the whole thing? Maybe use

-J MARK --set-mark 1

to mark packets which should be ACCEPTED? Does that help?
