fix comment

[pve-firewall.git] / src / PVE / Firewall.pm

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index bb151faaeb560c780db9f5f283ff6cf5a17c5db2..87bd7995f3bc4e53797ae74ab5402f835aa1628f 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -912,7 +912,7 @@ sub generate_tap_rules_direction {
     if ($direction eq 'OUT') {
        $policy = $options->{'policy-out'} || 'ACCEPT'; # allow everything by default
     } else {
-       $policy = $options->{'policy-in'} || 'DROP'; # allow everything by default
+       $policy = $options->{'policy-in'} || 'DROP'; # allow nothing by default
     }
 
     if ($policy eq 'ACCEPT') {
@@ -1556,11 +1556,6 @@ sub compile {
        }
     }
 
-    if ($hostfw_enable) {
-       # allow traffic from lo (ourself)
-       ruleset_addrule($ruleset, "PVEFW-INPUT", "-i lo -j ACCEPT");
-    }
-
     return $ruleset;
 }