>>I assume that they have most basic optimizations, unless someone shows me the >>opposite.
ok. Do you want that I assemble a patch with -i vnet0 && -m set --match-set PVEFW-venet0-ipset src ? ----- Mail original ----- De: "Dietmar Maurer" <diet...@proxmox.com> À: "Alexandre DERUMIER" <aderum...@odiso.com> Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 15 Mai 2014 07:09:33 Objet: RE: [pve-devel] [PATCH] use linko+ name for ovs fwbrint interfaces > >>Or do you think kernel/netfilter will do this lookup > >>unconditionally/always > > I'm not sure but, I think it's doing both test. (-i vnet0 && -m set > --match-set > PVEFW-venet0-ipset src). > Doing this would be really stupid > But I'm not iptables expert, maybe they have already optimized this ;) I assume that they have most basic optimizations, unless someone shows me the opposite. _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
