>>Can't we simply do something like: >> >>'-A PVEFW-FORWARD -o fwbr+ -j PVEFW-FWBR-IN', >>'-A PVEFW-FORWARD -i fwbr+ -j PVEFW-FWBR-OUT', >> >>So that we do not depend on those 'link' names?
Not possible, both -i fwbr -o fwbr are always defined, we can find the direction we need to use physin or physout. IN=fwbr110i0 OUT=fwbr110i0 PHYSIN=link110i0p PHYSOUT=tap110i0 ----- Mail original ----- De: "Dietmar Maurer" <[email protected]> À: "Alexandre Derumier" <[email protected]>, [email protected] Envoyé: Mardi 13 Mai 2014 09:41:14 Objet: RE: [pve-devel] [PATCH] use linko+ name for ovs fwbrint interfaces > we need to match link+ rule from iptables rules, and need to have a name > different than link(\d+)i(\d+), for distinguished bridge/ovs interface unplug We currently generate: '-A PVEFW-FORWARD -m physdev --physdev-is-bridged --physdev-in link+ -j PVEFW-FWBR-IN', '-A PVEFW-FORWARD -m physdev --physdev-is-bridged --physdev-out link+ -j PVEFW-FWBR-OUT', Can't we simply do something like: '-A PVEFW-FORWARD -o fwbr+ -j PVEFW-FWBR-IN', '-A PVEFW-FORWARD -i fwbr+ -j PVEFW-FWBR-OUT', So that we do not depend on those 'link' names? _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
