ok, seem great :) ----- Mail original -----
De: "Dietmar Maurer" <[email protected]> À: "Alexandre DERUMIER" <[email protected]> Cc: [email protected] Envoyé: Mercredi 26 Février 2014 17:38:53 Objet: RE: pvefw: use custom Drop/Reject > how is is implemented in tapchain for example ? I currently only use it for the policy, but the plan us to use it for all DROP/REJECT. -A tap100i0-OUT -m conntrack --ctstate INVALID,NEW -j PVEFW-smurfs -A tap100i0-OUT -p tcp -j PVEFW-tcpflags -A tap100i0-OUT -m conntrack --ctstate INVALID -j DROP -A tap100i0-OUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A tap100i0-OUT -j GROUP-group1-OUT -A tap100i0-OUT -m mark --mark 1 -j RETURN -A tap100i0-OUT -p tcp --dport 80 -g PVEFW-SET-ACCEPT-MARK # reject policy -A tap100i0-OUT -j PVEFW-Reject -A tap100i0-OUT -j LOG --log-prefix "tap100i0-OUT-reject: " --log-level 4 -A tap100i0-OUT -g PVEFW-reject _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
