Re: [pve-devel] broken system / pve-firewall

2017-03-19 Thread Dietmar Maurer
> On 19.03.2017 at 21:42, Dietmar Maurer wrote:
> >> To me the main question is why does pve-cluster provide a default of 0
> >> which disables iptables for bridges and makes pve-firewall useless for
> >> linux bridges.
> >
> > AFAIR this is for performance reasons ...
>
> sure but pve-firewall

Re: [pve-devel] broken system / pve-firewall

2017-03-19 Thread Stefan Priebe - Profihost AG
On 19.03.2017 at 21:42, Dietmar Maurer wrote:
>> To me the main question is why does pve-cluster provide a default of 0
>> which disables iptables for bridges and makes pve-firewall useless for
>> linux bridges.
>
> AFAIR this is for performance reasons ...

sure but pve-firewall isn't working i

Re: [pve-devel] broken system / pve-firewall

2017-03-19 Thread Dietmar Maurer
> To me the main question is why does pve-cluster provide a default of 0
> which disables iptables for bridges and makes pve-firewall useless for
> linux bridges.

AFAIR this is for performance reasons ...

___ pve-devel mailing list pve-devel@pve.proxmox

Re: [pve-devel] broken system / pve-firewall

2017-03-19 Thread Stefan Priebe - Profihost AG
Hi,

On 19.03.2017 at 14:44, Dietmar Maurer wrote:
>> After digging around for some weeks I found out that the chain FORWARD
>> does not receive packets anymore?
>
> And hints in syslog?

No the reason is simply that net.bridge.bridge-nf-call-iptables is 0 again. Most probably because /etc/sysctl.

Re: [pve-devel] broken system / pve-firewall

2017-03-19 Thread Dietmar Maurer
> After digging around for some weeks I found out that the chain FORWARD
> does not receive packets anymore?

And hints in syslog? Which kernel do you run exactly?