>>So we can use:
>>
>> -A PVEFW-FORWARD -i fwbr+ -m physdev --physdev-is-bridged
>> --physdev-out tap+ -j PVEFW-FWBR-IN
>> -A PVEFW-FORWARD -I fwbr+ -m physdev --physdev-is-bridged
>> --physdev-in tap+ -j PVEFW-FWBR-OUT
>>
>>?

Yes, but for veth interfaces? (extra rules, and veth can be random I think?)

----- Original message -----
From: "Dietmar Maurer" <diet...@proxmox.com>
To: "Alexandre DERUMIER" <aderum...@odiso.com>
Cc: pve-devel@pve.proxmox.com
Sent: Tuesday 13 May 2014 10:03:57
Subject: RE: [pve-devel] [PATCH] use linko+ name for ovs fwbrint interfaces

> >>'-A PVEFW-FORWARD -o fwbr+ -j PVEFW-FWBR-IN', '-A PVEFW-FORWARD -i
> >>fwbr+ -j PVEFW-FWBR-OUT',
> >>
> >>So that we do not depend on those 'link' names?
>
> Not possible, both -i fwbr -o fwbr are always defined, we can find the
> direction we need to use physin or physout.
>
> IN=fwbr110i0 OUT=fwbr110i0 PHYSIN=link110i0p PHYSOUT=tap110i0

So we can use:

-A PVEFW-FORWARD -i fwbr+ -m physdev --physdev-is-bridged --physdev-out tap+ -j PVEFW-FWBR-IN
-A PVEFW-FORWARD -I fwbr+ -m physdev --physdev-is-bridged --physdev-in tap+ -j PVEFW-FWBR-OUT

?
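
The matching discussed in this thread, as an added example that is not part of the original messages: a Python model of the two proposed rules, applied to the logged packet from the thread and to constructed variants. It assumes the second rule is meant with lowercase `-i`, approximates `--physdev-is-bridged` as "PHYSIN and PHYSOUT are both set", and uses a made-up veth port name.

```python
import re

def if_match(pattern, name):
    """iptables interface match: a trailing '+' matches any name with that prefix."""
    if not name:
        return False
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return name == pattern

# (in-interface, physdev field, physdev pattern, target chain)
# Assumption: the second rule is read with lowercase -i, mirroring the first.
RULES = [
    ("fwbr+", "PHYSOUT", "tap+", "PVEFW-FWBR-IN"),   # bridged towards the tap port
    ("fwbr+", "PHYSIN",  "tap+", "PVEFW-FWBR-OUT"),  # bridged from the tap port
]

def parse_log(line):
    """Turn the KEY=value fields of a netfilter LOG line into a dict."""
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", line))

def classify(line):
    """Return the chain the modelled rules would jump to, or None if neither matches."""
    f = parse_log(line)
    # Approximation of --physdev-is-bridged: both bridge ports are known.
    if not (f.get("PHYSIN") and f.get("PHYSOUT")):
        return None
    for in_if, key, pattern, target in RULES:
        if if_match(in_if, f.get("IN")) and if_match(pattern, f.get(key)):
            return target
    return None

# First line is the packet quoted in the thread; the others are constructed.
SAMPLES = [
    "IN=fwbr110i0 OUT=fwbr110i0 PHYSIN=link110i0p PHYSOUT=tap110i0",
    "IN=fwbr110i0 OUT=fwbr110i0 PHYSIN=tap110i0 PHYSOUT=link110i0p",
    "IN=fwbr200i0 OUT=fwbr200i0 PHYSIN=link200i0p PHYSOUT=veth200.0",  # made-up veth name
    "IN=vmbr0 OUT=eth0",                                               # routed, no bridge ports
]

if __name__ == "__main__":
    for s in SAMPLES:
        # IN and OUT are identical for bridged traffic, so only PHYSIN/PHYSOUT
        # can tell the direction; a port not named tap* falls through both rules.
        print(f"{classify(s)!s:16} {s}")
```

The third sample shows the concern raised in the reply: a veth port is not covered by the `tap+` patterns, so it would need rules of its own.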