> By the way, I understand now why they are doing this:
> 
> -A proxmoxfw-FORWARD -m physdev --physdev-out tap110i0 --physdev-is-
> bridged -j tapchains
> -A proxmoxfw-FORWARD -m physdev --physdev-in tap110i0 --physdev-is-
> bridged -j tapchains
> -A proxmoxfw-FORWARD -m physdev --physdev-out tap115i0 --physdev-is-
> bridged -j tapchains
> -A proxmoxfw-FORWARD -m physdev --physdev-in tap115i0 --physdev-is-
> bridged -j tapchains
> 
> 
> -A tapchains -m physdev --physdev-out tap110i0 --physdev-is-bridged -j
> tap110i0-IN
> -A tapchains -m physdev --physdev-in tap110i0 --physdev-is-bridged -j 
> tap110i0-
> OUT
> -A tapchains -m physdev --physdev-out tap115i0 --physdev-is-bridged -j
> tap115i0-IN
> -A tapchains -m physdev --physdev-in tap115i0 --physdev-is-bridged -j 
> tap115i0-
> OUT
> -A tapchains -J ACCEPT
> 
> 
> 
> This is to test rules from sources tap and all targets tap rules, and do the 
> accept
> when both have matched

But they test everything twice that way?

 

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to