On Wed, Nov 28, 2018 at 12:03:23PM +0100, Alexandre DERUMIER wrote: > >>I mean, it does "workâ˘" if we keep the firewall bridges around, as we > >>can match on `fwbr404i0` etc... > > >>But it would be nice if we could get rid of those... > > AFAIK, we also have added fwbr because we wanted the packet going twice in > netfilter, > once for vm1 output > once for vm2 input
Right, we don't get the output vmid via the netdev table that way... That's unfortunate... Maybe at postrouting... hmm. If only there were 'egress' hooks in the netdev chain as well. _______________________________________________ pve-devel mailing list [email protected] https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
