> They also add an -input rule for outgoing packets from tap. (I think this is for
> traffic from tap to host)
> 
> 
> -A INPUT -j proxmoxfw-chain-INPUT
> -A FORWARD -m physdev --physdev-out tap100i0 --physdev-is-bridged -j proxmoxfw-chain
> -A FORWARD -m physdev --physdev-in tap100i0 --physdev-is-bridged -j proxmoxfw-chain
> 
> >> -A proxmoxfw-chain-INPUT -m physdev --physdev-in tap110i0 --physdev-is-bridged -j tap110i0-OUT

So we can filter from VM to HOST correctly - that conforms to the docs.

But the other direction does not work (HOST to VM).

Maybe no big problem unless the user assigns IP addresses to multiple bridges.

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
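
The coverage discussed in the message above can be checked mechanically. This is an added example, not code from the original message or from Proxmox: it walks the quoted rules from each built-in chain and reports which traffic paths have a rule matching a given tap device. The hook-to-path mapping (`PATHS`) and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the rules quoted in the message (wrapped lines joined).
RULES = """\
-A INPUT -j proxmoxfw-chain-INPUT
-A FORWARD -m physdev --physdev-out tap100i0 --physdev-is-bridged -j proxmoxfw-chain
-A FORWARD -m physdev --physdev-in tap100i0 --physdev-is-bridged -j proxmoxfw-chain
-A proxmoxfw-chain-INPUT -m physdev --physdev-in tap110i0 --physdev-is-bridged -j tap110i0-OUT
"""

# Assumed mapping: (built-in chain, physdev direction) -> traffic path.
# "in" = packet entered through the tap (sent by the VM), "out" = leaves via it.
PATHS = {
    ("FORWARD", "in"): "VM -> bridge",
    ("FORWARD", "out"): "bridge -> VM",
    ("INPUT", "in"): "VM -> host",
    ("OUTPUT", "out"): "host -> VM",
}

def parse(rules):
    """Return {chain: [(physdev_direction, device, jump_target), ...]}."""
    chains = defaultdict(list)
    for line in rules.splitlines():
        m = re.match(r"-A (\S+)", line)
        dev = re.search(r"--physdev-(in|out) (\S+)", line)
        jump = re.search(r"-j (\S+)", line)
        if m:
            chains[m.group(1)].append((
                dev.group(1) if dev else None, dev.group(2) if dev else None,
                jump.group(1) if jump else None))
    return chains

def covered_paths(rules, tap):
    """Paths on which a rule reachable from a built-in chain matches `tap`."""
    chains = parse(rules)
    found = set()
    for hook in ("INPUT", "FORWARD", "OUTPUT"):
        todo, seen = [hook], set()
        while todo:
            chain = todo.pop()
            if chain in seen:
                continue
            seen.add(chain)
            for direction, dev, target in chains.get(chain, []):
                if dev == tap and (hook, direction) in PATHS:
                    found.add(PATHS[(hook, direction)])
                if dev in (None, tap) and target in chains:
                    todo.append(target)  # follow jumps that can apply to this tap
    return found
```

On the quoted rules, `covered_paths(RULES, "tap110i0")` reports only the VM-to-host path, and no tap has a host-to-VM entry.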