>>We can? Or we 'have to' replace that in order to make ips work? Currently, it's working, when connection is already established.
Only the first ACCEPT is not yet managed. >>I would like to have a complete patch before I commit this. Sure ! I'll improve the patch this afternoon. (I need also to check for vnet0) ----- Mail original ----- De: "Dietmar Maurer" <diet...@proxmox.com> À: "Alexandre DERUMIER" <aderum...@odiso.com> Cc: pve-devel@pve.proxmox.com Envoyé: Lundi 17 Mars 2014 13:43:29 Objet: RE: [pve-devel] [PATCH] add ips feature v2 > >>We use '-j ACCEPT' at many places. Each of those calls will bypass the ips? > >>So shouldn't we replace all occurrences of '-J ACCEPT'? > > I only replace when connection is established for now, but I think we can > replace the -J ACCEPT in tap-in chains without problem. We can? Or we 'have to' replace that in order to make ips work? I would like to have a complete patch before I commit this. _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
