On 16.07.2014 10:38, Alexandre DERUMIER wrote:
>>> i get the following ebtables:
>>>
>>> active layer2filters (ARP):
>>>
>>> Bridge chain: tap102i0-OUT, entries: 4, policy: ACCEPT
>>> -s ! d2:d6:ce:ec:ae:b8 -j DROP
>>> -p ARP -j ACCEPT
>>> -j DROP
>>> -j ACCEPT
>>>
>>> This looks wrong (DROP / ACCEPT)
> 
> I don't think it's a problem, you'll go to DROP, if you don't match 
> layer2filter,
> and never go to the final accept.
> 
> 
> Have you tested it?

Yes, it isn't, it just looks strange ;-)

Stefan


> ----- Original mail -----
>
> From: "Stefan Priebe - Profihost AG" <s.pri...@profihost.ag>
> To: "Alexandre Derumier" <aderum...@odiso.com>, pve-devel@pve.proxmox.com
> Sent: Wednesday 16 July 2014 10:31:15
> Subject: Re: [pve-devel] pve-firewall : ip6tables + ebtables v4
> 
> Hi, 
> 
> On 16.07.2014 01:14, Alexandre Derumier wrote:
>> changelog: 
>>
>> - clean all trailing whitespaces 
>> - add remove_pvefw_chains for ip6tables (for firewall stop) 
>> - add last stefan patch for ebtables mac parsing 
> 
> i get the following ebtables: 
> 
> active layer2filters (ARP): 
> 
> Bridge chain: tap102i0-OUT, entries: 4, policy: ACCEPT 
> -s ! d2:d6:ce:ec:ae:b8 -j DROP 
> -p ARP -j ACCEPT 
> -j DROP 
> -j ACCEPT 
> 
> This looks wrong (DROP / ACCEPT) 
> 
> no layer2filters: 
> 
> Bridge chain: tap103i0-OUT, entries: 2, policy: ACCEPT 
> -s ! e:df:d:91:a8:60 -j DROP 
> -j ACCEPT 
> 
> Stefan 
> 
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
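
The rule order discussed in this thread, as an added example that is not part of the original mails or of pve-firewall: a small Python model of ebtables first-match evaluation over the two quoted chains, which also reports rules that can never be reached. It handles only the match options visible in the listings (`-s [!] MAC`, `-p`, `-j`); the function names and the test frames are constructed for illustration.

```python
TERMINAL = {"ACCEPT", "DROP"}  # ebtables targets that end chain traversal

def norm_mac(mac):
    # ebtables prints octets without leading zeros (e.g. "e:df:d:91:a8:60")
    return ":".join("%02x" % int(octet, 16) for octet in mac.split(":"))

def parse_rule(line):
    """Parse one rule line as printed in the thread's listings."""
    rule = {"src": None, "negate": False, "proto": None, "target": None}
    tok = iter(line.split())
    for t in tok:
        if t == "-s":
            mac = next(tok)
            if mac == "!":
                rule["negate"], mac = True, next(tok)
            rule["src"] = norm_mac(mac)
        elif t == "-p":
            rule["proto"] = next(tok).upper()
        elif t == "-j":
            rule["target"] = next(tok)
        else:
            raise ValueError("unsupported token: " + t)
    return rule

def matches(rule, src, proto):
    # "-s ! MAC" matches every source except MAC; an absent option matches anything
    if rule["src"] is not None and (norm_mac(src) == rule["src"]) == rule["negate"]:
        return False
    return rule["proto"] is None or rule["proto"] == proto.upper()

def verdict(rules, src, proto, policy="ACCEPT"):
    # The first matching rule with a terminal target decides; otherwise the chain policy
    for rule in rules:
        if matches(rule, src, proto) and rule["target"] in TERMINAL:
            return rule["target"]
    return policy

def unreachable(rules):
    """Indexes of rules placed after an unconditional ACCEPT/DROP."""
    for i, r in enumerate(rules):
        if r["src"] is None and r["proto"] is None and r["target"] in TERMINAL:
            return list(range(i + 1, len(rules)))
    return []

# Chains copied from the listings quoted in the thread
TAP102 = [parse_rule(l) for l in ("-s ! d2:d6:ce:ec:ae:b8 -j DROP",
                                  "-p ARP -j ACCEPT", "-j DROP", "-j ACCEPT")]
TAP103 = [parse_rule(l) for l in ("-s ! e:df:d:91:a8:60 -j DROP", "-j ACCEPT")]
```

For `tap102i0-OUT`, `unreachable` returns the index of the trailing `-j ACCEPT`: it sits behind the unconditional `-j DROP`, so it is dead rather than a conflicting verdict.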
