> in this case: > > tap1-out : ACCEPT (ips off) -----> tap2-in : ACCEPT (ips on) > > > We don't want always NFQUEUE in tap1-out, because ips is off, but we want > NFQUEUE if the destination have ips on.
I do not understand this. In tap-out we simply set the mark (we do not jump to ACCEPT there), so why is that a problem? _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
