>>So inside FORWARD, both --physdev-is-in and --physdev-is-out are always true
>>(if --physdev-is-bridged is set)?

Yes. (I check all my logs, I always see both, and that makes sense as we forward a packet from one interface to another interface)

----- Original Mail -----
From: "Dietmar Maurer" <[email protected]>
To: "Alexandre DERUMIER" <[email protected]>
Cc: [email protected]
Sent: Thursday, 27 February 2014 12:15:45
Subject: RE: [pve-devel] [PATCH 2/2] bridge rules : -j ACCEPT for physical interfaces

> -----Original Message-----
> From: Alexandre DERUMIER [mailto:[email protected]]
> Sent: Thursday, 27 February 2014 12:06
> To: Dietmar Maurer
> Cc: [email protected]
> Subject: Re: [pve-devel] [PATCH 2/2] bridge rules : -j ACCEPT for physical interfaces
>
> >>That would accept packages where --physdev-is-out is not set (can that happen?)?
>
> I don't think it can happen in FORWARD.
>
> but it's possible in INPUT or OUTPUT (host -> physin(tap,eth..) ,
> physout(tap,eth)->host)

So inside FORWARD, both --physdev-is-in and --physdev-is-out are always true (if --physdev-is-bridged is set)?
