maybe better :

before
------
-A FORWARD -j PVEFW-FORWARD
-A PVEFW-FORWARD ! -i fwbr+ -j ACCEPT

after
-----
-A FORWARD -i fwbr+ -j PVEFW-FORWARD

----- Original message -----
From: "Alexandre DERUMIER" <[email protected]>
To: "Dietmar Maurer" <[email protected]>
Cc: [email protected]
Sent: Friday 9 May 2014 11:24:07
Subject: Re: [pve-devel] [PATCH 1/4] bypass firewall for non firewall bridges

>>wouldn't it be better to use RETURN to minimize impact on existing rules?

Do you mean existing rules from users manually defined with iptables directly?

I think we can do it indeed.

----- Original message -----
From: "Dietmar Maurer" <[email protected]>
To: "Alexandre Derumier" <[email protected]>, [email protected]
Sent: Friday 9 May 2014 10:50:43
Subject: RE: [pve-devel] [PATCH 1/4] bypass firewall for non firewall bridges

> ruleset_create_chain($ruleset, "PVEFW-FORWARD"); > + #bypass firewall for non firewalled bridge > + ruleset_addrule($ruleset, "PVEFW-FORWARD", "! -i fwbr+ -j ACCEPT"); > +

wouldn't it be better to use RETURN to minimize impact on existing rules?

_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
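
Review bot: in the quoted hunk's added `ruleset_addrule($ruleset, "PVEFW-FORWARD", "! -i fwbr+ -j ACCEPT")` line, `-j ACCEPT` is a terminating verdict, so any forwarded packet that does not arrive on an `fwbr+` interface is accepted inside PVEFW-FORWARD and never reaches rules that follow the jump in the calling chain. Suggest `-j RETURN` here, or moving the `-i fwbr+` match onto the jump into PVEFW-FORWARD, so that traffic on non-firewalled bridges falls through to whatever rules and policy are already in place. The added comment would also be clearer if it said that `fwbr+` is what identifies a firewalled bridge.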
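
The difference between the variants discussed in this thread, as an added example that is not part of the original messages or of pve-firewall: a simplified Python model of iptables chain traversal. The `eth1` DROP rule, the interface names and the catch-all DROP standing in for the rest of PVEFW-FORWARD are constructed assumptions.

```python
# Simplified model of iptables chain traversal; added example, not pve-firewall code.
# A rule is (in_iface_pattern, target); pattern None matches any interface,
# a trailing "+" is a prefix wildcard and a leading "!" negates the match.

def iface_matches(pattern, iface):
    if pattern is None:
        return True
    negate = pattern.startswith("!")
    pat = pattern.lstrip("!")
    hit = iface.startswith(pat[:-1]) if pat.endswith("+") else iface == pat
    return hit != negate

def run_chain(ruleset, chain, iface):
    """Return "ACCEPT"/"DROP", or None when the chain ends or hits RETURN."""
    for pattern, target in ruleset[chain]:
        if not iface_matches(pattern, iface):
            continue
        if target in ("ACCEPT", "DROP"):
            return target            # terminating verdict, traversal stops
        if target == "RETURN":
            return None              # back to the calling chain
        verdict = run_chain(ruleset, target, iface)   # jump to a user chain
        if verdict is not None:
            return verdict
    return None

def forward_verdict(ruleset, iface, policy="ACCEPT"):
    # The built-in chain's policy applies when no rule gave a verdict.
    return run_chain(ruleset, "FORWARD", iface) or policy

def build(variant):
    rest = [(None, "DROP")]      # constructed stand-in for the rest of PVEFW-FORWARD
    admin = [("eth1", "DROP")]   # constructed rule an admin added with iptables directly
    if variant == "accept":      # "before": the rule from the patch
        return {"FORWARD": [(None, "PVEFW-FORWARD")] + admin,
                "PVEFW-FORWARD": [("!fwbr+", "ACCEPT")] + rest}
    if variant == "return":      # RETURN instead of ACCEPT
        return {"FORWARD": [(None, "PVEFW-FORWARD")] + admin,
                "PVEFW-FORWARD": [("!fwbr+", "RETURN")] + rest}
    return {"FORWARD": [("fwbr+", "PVEFW-FORWARD")] + admin,   # "after": match on the jump
            "PVEFW-FORWARD": rest}

if __name__ == "__main__":
    for variant in ("accept", "return", "jump"):
        for iface in ("eth0", "eth1", "fwbr100i0"):   # constructed interface names
            print(f"{variant:7} {iface:10} {forward_verdict(build(variant), iface)}")
```

Only the ACCEPT variant lets `eth1` traffic past the admin's DROP rule; the RETURN variant and the `-i fwbr+` jump give the same verdicts for all three interfaces.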
