On Mon, Jul 27, 2015 at 03:01:30PM +0200, Alexandre DERUMIER wrote:
> Oh, I spoke too fast,
> it seems that for tcp traffic in bridge chain, I can see PROTO and port.
>
> forward: IN=tap150i0 OUT=fwln150i0
> MAC=00:08:7c:bd:ae:40:76:ef:e9:ed:9d:41:08:00 SRC=10.3.95.240
> DST=192.168.100.76 LEN=108 TOS=0x00 PREC=0x00 TTL=64 ID=42868 DF PROTO=TCP
> SPT=22 DPT=49876 WINDOW=291 RES=0x00 ACK PSH URGP=0 MARK=0x7b
>
> So, it's really only missing conntrack here.

Yes, I think you can match almost everything in pretty much every table.
Provided they have implemented it ;-) so we'll have to wait for ct to land in
bridge tables before considering switching to nft.

Or does nft provide any other advantage already that would be worth the effort?