> I find a bug, we should reset the mark to 0 at the begin of tapxxx-IN, or a > marked packet will be accepted.
oh, good catch. Fixed with: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff;h=31ff3ef69986d3f600e6d8fc68187d79f5284100 hope that works now. _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
