> By the way, I understand now why they are doing this: > > -A proxmoxfw-FORWARD -m physdev --physdev-out tap110i0 --physdev-is- > bridged -j tapchains > -A proxmoxfw-FORWARD -m physdev --physdev-in tap110i0 --physdev-is- > bridged -j tapchains > -A proxmoxfw-FORWARD -m physdev --physdev-out tap115i0 --physdev-is- > bridged -j tapchains > -A proxmoxfw-FORWARD -m physdev --physdev-in tap115i0 --physdev-is- > bridged -j tapchains > > > -A tapchains -m physdev --physdev-out tap110i0 --physdev-is-bridged -j > tap110i0-IN > -A tapchains -m physdev --physdev-in tap110i0 --physdev-is-bridged -j > tap110i0- > OUT > -A tapchains -m physdev --physdev-out tap115i0 --physdev-is-bridged -j > tap115i0-IN > -A tapchains -m physdev --physdev-in tap115i0 --physdev-is-bridged -j > tap115i0- > OUT > -A tapchains -J ACCEPT > > > > This is to test rules from sources tap and all targets tap rules, and do the > accept > when both have matched
But they test everything twice that way? _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel