> I have thought about it, it's a little bit more complex, we need to check the
> mark after each mark, to be sure to exit the chain, as if we have a DROP rule
> after, it'll not work

I thought we can simply goto a special chain (instead of ACCEPT).

GROUP-security2 chain:

  -A GROUP-security2 -p ssh -g PVE_SPECIAL_ACCEPT
  ...

PVE_SPECIAL_ACCEPT chain:

  -A PVE_SPECIAL_ACCEPT -j MARK --set-mark 1

Do you think that will work?

> Also we need to reset the mark in the IN chain, because group rules use
> same mark

yes

_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
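
Added example, not part of the original e-mail or of the Proxmox code: a small Python model of iptables chain traversal comparing `-g` (goto) with `-j` (jump) into the mark-setting chain, to show why goto leaves the group chain before a trailing DROP is reached. The layout of the IN chain, the trailing DROP in the group, port 22 standing in for "ssh", and the function names are assumptions made for illustration.

```python
# Constructed model of iptables traversal; a rule is (match, action, arg).
# Actions: "jump" (-j chain), "goto" (-g chain), "mark" (MARK, non-terminating),
# and the terminating verdicts "ACCEPT" / "DROP".

def build_ruleset(use_goto):
    is_ssh = lambda pkt: pkt["dport"] == 22   # stands in for "-p ssh"
    always = lambda pkt: True
    marked = lambda pkt: pkt["mark"] == 1
    return {
        "IN": [  # hypothetical calling chain
            (always, "mark", 0),                   # reset mark before the group
            (always, "jump", "GROUP-security2"),
            (marked, "ACCEPT", None),              # group said "accept"
            (always, "DROP", None),
        ],
        "GROUP-security2": [
            (is_ssh, "goto" if use_goto else "jump", "PVE_SPECIAL_ACCEPT"),
            (always, "DROP", None),                # the DROP rule "after"
        ],
        "PVE_SPECIAL_ACCEPT": [(always, "mark", 1)],
    }

def traverse(rules, pkt, start="IN"):
    pkt = dict(pkt, mark=0)
    stack = [[start, 0]]            # frames: [chain, index of next rule]
    while stack:
        chain, idx = stack[-1]
        if idx >= len(rules[chain]):
            stack.pop()             # end of chain: implicit RETURN
            continue
        stack[-1][1] += 1
        match, action, arg = rules[chain][idx]
        if not match(pkt):
            continue
        if action in ("ACCEPT", "DROP"):
            return action
        if action == "mark":
            pkt["mark"] = arg       # MARK does not stop traversal
        elif action == "jump":
            stack.append([arg, 0])  # return resumes in the current chain
        elif action == "goto":
            stack[-1] = [arg, 0]    # return resumes in the chain that jumped here
    return "POLICY"

if __name__ == "__main__":
    for use_goto in (True, False):
        verdict = traverse(build_ruleset(use_goto), {"dport": 22})
        print("goto" if use_goto else "jump", "->", verdict)
```
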
