> >>It does not work with NFQUEUE (requires PFEFW-Accept, which is also > slow)? > > if no ips in any taps, do an -j ACCEPT > > else > > do -j PVEFW-Accept > (which is faster than going into all tap-outs, tap-in chains, because we are > going only into tap-in chains with ips enabled)
Maybe we can add a new 'optimize' flag to the host.fw. So that we can easily turn on/off those optimizations? _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
