>>But I just noticed that we need 2 different marks, because we can traffic
>>from VM1 to VM2. So we need 2 marks/zones?

Yes, in 1 conntrack line, you have in/out.
Not sure how to implement that, as there is only 1 mark or 1 zone field.

----- Original Message -----
From: "Dietmar Maurer" <[email protected]>
To: "Alexandre DERUMIER" <[email protected]>
Cc: [email protected]
Sent: Sunday, 2 March 2014 09:07:19
Subject: RE: [pve-devel] pvefw: using ctmark to associacte connections to VMs

Thanks for that link.

But I just noticed that we need 2 different marks, because we can traffic from VM1 to VM2. So we need 2 marks/zones?

> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d0aa2ccd4699a01cfdf14886191c249d7b45a01
>
> netfilter: nf_conntrack: add support for "conntrack zones"
> Normally, each connection needs a unique identity. Conntrack zones allow
> to specify a numerical zone using the CT target, connections in different
> zones can use the same identity.
