> >>But they test everything twice that way? > > Yes, I don't known why. > maybe they want to be sure that tap to tap filtering is done only on known tap > interfaces with firewall enable ?
Yes, I think so. But one could avoid double checks by using '-j cleaup-chain' instead of using RETURN in tab-xxx chains? _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
