On 24.09.21 10:48, Alexandre Derumier wrote:
> Currently, if the bridge receives an unknown dest mac (network bug/attack/..),
> we are flooding packets to all bridge ports.
>
> This can waste cpu time, even more with firewall enabled.
> Also, if firewall is used with reject action, the src mac of RST
> packet is the original unknown dest mac.
> (This can block the server at Hetzner for example)
>
> So, we can disable learning && unicast_flood on tap|veth|fwln port interface.
> Then the mac address needs to be added statically in bridge fdb.

I'm a bit out of the loop with the whole bad Hetzner network thingy, is this still relevant, as I'd see if I can get it in finally..
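
The port hardening described in the quoted message, as an added example that is not part of the patch or of this thread: it turns learning and unknown-unicast flooding off on one guest-facing port and pins the guest MAC in the bridge fdb. The function name harden_port, the RUN switch, and the interface and MAC values are assumptions made up for this sketch.

```shell
#!/bin/sh
# Added example, not Proxmox code. harden_port and RUN are hypothetical names.
# RUN defaults to "echo" so the commands are only printed (dry run);
# export RUN= (empty) and run as root to actually apply them.
RUN=${RUN-echo}

# harden_port IFACE MAC
#   IFACE: a tap*/veth*/fwln* bridge port; MAC: the guest's MAC address.
harden_port() {
    iface=$1
    mac=$2

    # Only touch guest-facing ports; the uplink must keep learning/flooding.
    case $iface in
        tap*|veth*|fwln*) ;;
        *) echo "skip $iface: not a tap|veth|fwln port" >&2; return 1 ;;
    esac

    # Refuse anything that is not a plain colon-separated MAC.
    if ! printf '%s\n' "$mac" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
        echo "bad mac: $mac" >&2
        return 1
    fi

    # Stop the port from learning source MACs and from receiving frames
    # whose destination MAC has no fdb entry.
    $RUN bridge link set dev "$iface" learning off flood off

    # With learning off the guest MAC must be added statically, otherwise
    # traffic to the guest has no fdb entry and is no longer flooded to it.
    $RUN bridge fdb add "$mac" dev "$iface" master static
}

# Constructed sample values: print the commands for one port when run directly.
if [ "${0##*/}" = "harden_port.sh" ]; then
    harden_port tap100i0 bc:24:11:00:00:01
fi
```

After applying, `bridge -d link show dev IFACE` and `bridge fdb show dev IFACE` show the resulting port flags and the static entry.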