> just put the rule in PVEFW-FORWARD, after > > -A PVEFW-FORWARD -m conntrack --ctstate INVALID -j DROP -A PVEFW- > FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
but that only works if the optimize flag is set (else we do not have that rule)? _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
